[v9.5.x] Chore: Upgrade Go to 1.20.10 (#76367)

Chore: Upgrade Go to 1.20.10 (#76355)

* [v10.1.x] Chore: Upgrade Go to 1.20.10

* Rebuild .drone.yml

(cherry picked from commit 4287686420)

.codespellignore

@@ -0,0 +1,4 @@
+aks
+eror
+iam
+wan

.drone.star

@@ -12,11 +12,9 @@ load("scripts/drone/events/main.star", "main_pipelines")
 load(
     "scripts/drone/events/release.star",
     "integration_test_pipelines",
-    "oss_pipelines",
     "publish_artifacts_pipelines",
     "publish_npm_pipelines",
     "publish_packages_pipeline",
-    "verify_release_pipeline",
 )
 load(
     "scripts/drone/rgm.star",
@@ -43,17 +41,15 @@ def main(_ctx):
     return (
         pr_pipelines() +
         main_pipelines() +
-        oss_pipelines() +
         publish_image_pipelines_public() +
         publish_artifacts_pipelines("public") +
         publish_npm_pipelines() +
         publish_packages_pipeline() +
-        [verify_release_pipeline()] +
+        rgm() +
         [windows_test_backend({
             "event": ["promote"],
             "target": ["test-windows"],
         }, "oss", "testing")] +
-        rgm() +
         version_branch_pipelines() +
         integration_test_pipelines() +
         publish_ci_windows_test_image_pipeline() +

.github/workflows/auto-milestone.yml

@@ -2,6 +2,8 @@ name: Auto-milestone
 on:
   pull_request:
     types:
+      - opened
+      - reopened
       - closed
 
 jobs:

.github/workflows/codeql-analysis.yml

@@ -44,7 +44,7 @@ jobs:
       name: Set go version
       uses: actions/setup-go@v3
       with:
-        go-version: '1.20.6'
+        go-version: '1.20.10'
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

.github/workflows/pr-codeql-analysis-go.yml

@@ -23,7 +23,7 @@ jobs:
     - name: Set go version
       uses: actions/setup-go@v3
       with:
-        go-version: '1.20.6'
+        go-version: '1.20.10'
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

.github/workflows/sync-mirror.yml

@@ -1,7 +1,7 @@
 # Owned by grafana-delivery-squad
 # Intended to be dropped into the base repo, Ex: grafana/grafana
 name: Sync to mirror
-run-name: sync-to-mirror-${{ github.base_ref }}-${{ github.head_ref }}
+run-name: sync-to-mirror-${{ github.ref_name }}
 on:
   workflow_dispatch:
   push:
@@ -13,7 +13,7 @@ on:
 # This is run after the pull request has been merged, so we'll run against the target branch
 jobs:
   trigger_downstream_patch_mirror:
-    concurrency: patch-mirror-${{ github.ref }}
+    concurrency: patch-mirror-${{ github.ref_name }}
     uses: grafana/security-patch-actions/.github/workflows/mirror-branch-and-apply-patches.yml@main
     if: github.repository == 'grafana/grafana'
     with:

.pa11yci-pr.conf.js

@@ -80,7 +80,7 @@ var config = {
     {
       url: '${HOST}/?orgId=1',
       wait: 500,
-      threshold: 0,
+      threshold: 3,
     },
     {
       url: '${HOST}/d/O6f11TZWk/panel-tests-bar-gauge',
@@ -93,7 +93,7 @@ var config = {
       url: '${HOST}/?orgId=1&search=open',
       wait: 500,
       rootElement: '.main-view',
-      threshold: 0,
+      threshold: 3,
     },
     {
       url: '${HOST}/alerting/list',

CHANGELOG.md

@@ -1,3 +1,81 @@
+<!-- 9.5.10 START -->
+
+# 9.5.10 (2023-09-18)
+
+### Features and enhancements
+
+- **Chore:** Upgrade Alpine base image to 3.18.3. [#74995](https://github.com/grafana/grafana/issues/74995), [@zerok](https://github.com/zerok)
+- **Chore:** Upgrade Go to 1.20.8. [#74982](https://github.com/grafana/grafana/issues/74982), [@zerok](https://github.com/zerok)
+
+<!-- 9.5.10 END -->
+<!-- 9.5.9 START -->
+
+# 9.5.9 (2023-09-05)
+
+### Features and enhancements
+
+- **SSE:** DSNode to update result with names to make each value identifiable by labels (only Graphite and TestData). [#73642](https://github.com/grafana/grafana/issues/73642), [@yuri-tceretian](https://github.com/yuri-tceretian)
+- **Prometheus:** Add present_over_time syntax highlighting. [#72367](https://github.com/grafana/grafana/issues/72367), [@arnaudlemaignen](https://github.com/arnaudlemaignen)
+- **Alerting:** Improve performance of matching captures. [#71998](https://github.com/grafana/grafana/issues/71998), [@grobinson-grafana](https://github.com/grobinson-grafana)
+
+### Bug fixes
+
+- **LDAP:** Fix user disabling. [#74096](https://github.com/grafana/grafana/issues/74096), [@gamab](https://github.com/gamab)
+
+<!-- 9.5.9 END -->
+<!-- 9.5.8 START -->
+
+# 9.5.8 (2023-08-16)
+
+### Features and enhancements
+
+- **GenericOAuth:** Set sub as auth id. [#73223](https://github.com/grafana/grafana/issues/73223), [@kalleep](https://github.com/kalleep)
+
+### Bug fixes
+
+- **DataSourceProxy:** Fix url validation error handling. [#73320](https://github.com/grafana/grafana/issues/73320), [@ricci2511](https://github.com/ricci2511)
+
+<!-- 9.5.8 END -->
+<!-- 9.5.7 START -->
+
+# 9.5.7 (2023-07-20)
+
+### Features and enhancements
+
+- **Alerting:** Sort NumberCaptureValues in EvaluationString. [#71930](https://github.com/grafana/grafana/issues/71930), [@grobinson-grafana](https://github.com/grobinson-grafana)
+- **Alerting:** No longer silence paused alerts during legacy migration. [#71765](https://github.com/grafana/grafana/issues/71765), [@JacobsonMT](https://github.com/JacobsonMT)
+- **Chore:** Upgrade Go to 1.20.6. [#71446](https://github.com/grafana/grafana/issues/71446), [@sakjur](https://github.com/sakjur)
+- **Alerting:** Remove and revert flag alertingBigTransactions. [#70910](https://github.com/grafana/grafana/issues/70910), [@santihernandezc](https://github.com/santihernandezc)
+- **Alerting:** Migrate unknown NoData\Error settings to the default. [#70905](https://github.com/grafana/grafana/issues/70905), [@yuri-tceretian](https://github.com/yuri-tceretian)
+- **Tempo:** Escape regex-sensitive characters in span name before building promql query. [#68318](https://github.com/grafana/grafana/issues/68318), [@joey-grafana](https://github.com/joey-grafana)
+- **Alerting:** Update grafana/alerting to ce9fba9. [#67685](https://github.com/grafana/grafana/issues/67685), [@grobinson-grafana](https://github.com/grobinson-grafana)
+- **Chore:** Upgrade Go to 1.20.6. (Enterprise)
+
+### Bug fixes
+
+- **Plugins:** Only configure plugin proxy transport once. [#71741](https://github.com/grafana/grafana/issues/71741), [@wbrowne](https://github.com/wbrowne)
+- **Alerting:** Fix unique violation when updating rule group with title chains/cycles. [#71330](https://github.com/grafana/grafana/issues/71330), [@grobinson-grafana](https://github.com/grobinson-grafana)
+- **Fix:** Change getExistingDashboardByTitleAndFolder to get dashboard by title, not slug. [#70961](https://github.com/grafana/grafana/issues/70961), [@yangkb09](https://github.com/yangkb09)
+- **Alerting:** Convert 'Both' type Prometheus queries to 'Range' in migration. [#70907](https://github.com/grafana/grafana/issues/70907), [@JacobsonMT](https://github.com/JacobsonMT)
+- **Alerting:** Support newer http_config struct. [#69718](https://github.com/grafana/grafana/issues/69718), [@gillesdemey](https://github.com/gillesdemey)
+- **InfluxDB:** Interpolate retention policies. [#69299](https://github.com/grafana/grafana/issues/69299), [@itsmylife](https://github.com/itsmylife)
+- **StatusHistory:** Fix rendering of value-mapped null. [#69107](https://github.com/grafana/grafana/issues/69107), [@leeoniya](https://github.com/leeoniya)
+- **Alerting:** Fix provenance guard checks for Alertmanager configuration to not cause panic when compared nested objects. [#69092](https://github.com/grafana/grafana/issues/69092), [@yuri-tceretian](https://github.com/yuri-tceretian)
+- **AnonymousAuth:** Fix concurrent read-write crash. [#68802](https://github.com/grafana/grafana/issues/68802), [@Jguer](https://github.com/Jguer)
+- **AzureMonitor:** Ensure legacy properties containing template variables are correctly migrated. [#68790](https://github.com/grafana/grafana/issues/68790), [@aangelisc](https://github.com/aangelisc)
+- **Explore:** Remove data source onboarding page. [#68643](https://github.com/grafana/grafana/issues/68643), [@harisrozajac](https://github.com/harisrozajac)
+- **Dashboard:** Re-align Save form. [#68625](https://github.com/grafana/grafana/issues/68625), [@polibb](https://github.com/polibb)
+- **Azure Monitor:** Fix bug that did not show alert rule preview. [#68582](https://github.com/grafana/grafana/issues/68582), [@alyssabull](https://github.com/alyssabull)
+- **Histogram:** Respect min/max panel settings for x-axis. [#68244](https://github.com/grafana/grafana/issues/68244), [@leeoniya](https://github.com/leeoniya)
+- **Heatmap:** Fix color rendering for value ranges < 1. [#68163](https://github.com/grafana/grafana/issues/68163), [@leeoniya](https://github.com/leeoniya)
+- **Heatmap:** Handle unsorted timestamps in calculate mode. [#68150](https://github.com/grafana/grafana/issues/68150), [@leeoniya](https://github.com/leeoniya)
+- **Google Cloud Monitor:** Fix mem usage for dropdown. [#67949](https://github.com/grafana/grafana/issues/67949), [@asimpson](https://github.com/asimpson)
+- **AzureMonitor:** Fix logs query multi-resource and timespan values. [#67932](https://github.com/grafana/grafana/issues/67932), [@aangelisc](https://github.com/aangelisc)
+- **Utils:** Reimplement util.GetRandomString to avoid modulo bias. [#66970](https://github.com/grafana/grafana/issues/66970), [@DanCech](https://github.com/DanCech)
+- **License:** Enable FeatureUserLimit for all products. (Enterprise)
+- **Auth:** Remove ldap init sync. (Enterprise)
+
+<!-- 9.5.7 END -->
 <!-- 9.5.6 START -->
 
 # 9.5.6 (2023-07-11)

Dockerfile

@@ -1,9 +1,9 @@
 # syntax=docker/dockerfile:1
 
-ARG BASE_IMAGE=alpine:3.17
-ARG JS_IMAGE=node:18-alpine3.17
+ARG BASE_IMAGE=alpine:3.18.3
+ARG JS_IMAGE=node:18-alpine3.18
 ARG JS_PLATFORM=linux/amd64
-ARG GO_IMAGE=golang:1.20.6-alpine3.17
+ARG GO_IMAGE=golang:1.20.10-alpine3.18
 
 ARG GO_SRC=go-builder
 ARG JS_SRC=js-builder
@@ -64,6 +64,7 @@ COPY pkg pkg
 COPY scripts scripts
 COPY conf conf
 COPY .github .github
+COPY LICENSE ./
 
 ENV COMMIT_SHA=${COMMIT_SHA}
 ENV BUILD_BRANCH=${BUILD_BRANCH}
@@ -110,7 +111,7 @@ RUN if grep -i -q alpine /etc/issue; then \
     elif grep -i -q ubuntu /etc/issue; then \
       DEBIAN_FRONTEND=noninteractive && \
       apt-get update && \
-      apt-get install -y ca-certificates curl tzdata && \
+      apt-get install -y ca-certificates curl tzdata musl && \
       apt-get autoremove -y && \
       rm -rf /var/lib/apt/lists/*; \
     else \
@@ -165,6 +166,7 @@ RUN if [ ! $(getent group "$GF_GID") ]; then \
 
 COPY --from=go-src /tmp/grafana/bin/grafana* /tmp/grafana/bin/*/grafana* ./bin/
 COPY --from=js-src /tmp/grafana/public ./public
+COPY --from=go-src /tmp/grafana/LICENSE ./
 
 EXPOSE 3000
 

Makefile

@@ -192,7 +192,7 @@ build-docker-full-ubuntu: ## Build Docker image based on Ubuntu for development.
 	--build-arg COMMIT_SHA=$$(git rev-parse --short HEAD) \
 	--build-arg BUILD_BRANCH=$$(git rev-parse --abbrev-ref HEAD) \
 	--build-arg BASE_IMAGE=ubuntu:20.04 \
-	--build-arg GO_IMAGE=golang:1.20.6 \
+	--build-arg GO_IMAGE=golang:1.20.10 \
 	--tag grafana/grafana$(TAG_SUFFIX):dev-ubuntu \
 	$(DOCKER_BUILD_ARGS)
 

conf/defaults.ini

@@ -783,6 +783,24 @@ managed_identity_enabled = false
 # Should be set for user-assigned identity and should be empty for system-assigned identity
 managed_identity_client_id =
 
+# Specifies whether Azure AD Workload Identity authentication should be enabled in datasources that support it
+# For more documentation on Azure AD Workload Identity, review this documentation:
+# https://azure.github.io/azure-workload-identity/docs/
+# Disabled by default, needs to be explicitly enabled
+workload_identity_enabled = false
+
+# Tenant ID of the Azure AD Workload Identity
+# Allows to override default tenant ID of the Azure AD identity associated with the Kubernetes service account
+workload_identity_tenant_id =
+
+# Client ID of the Azure AD Workload Identity
+# Allows to override default client ID of the Azure AD identity associated with the Kubernetes service account
+workload_identity_client_id =
+
+# Custom path to token file for the Azure AD Workload Identity
+# Allows to set a custom path to the projected service account token file
+workload_identity_token_file =
+
 #################################### Role-based Access Control ###########
 [rbac]
 # If enabled, cache permissions in a in memory cache
@@ -1005,6 +1023,11 @@ max_attempts = 3
 # The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
 min_interval = 10s
 
+# This is an experimental option to add parallelization to saving alert states in the database.
+# It configures the maximum number of concurrent queries per rule evaluated. The default value is 1
+# (concurrent queries per rule disabled).
+max_state_save_concurrency = 1
+
 [unified_alerting.screenshots]
 # Enable screenshots in notifications. You must have either installed the Grafana image rendering
 # plugin, or set up Grafana to use a remote rendering service.

conf/sample.ini

@@ -754,6 +754,24 @@
 # Should be set for user-assigned identity and should be empty for system-assigned identity
 ;managed_identity_client_id =
 
+# Specifies whether Azure AD Workload Identity authentication should be enabled in datasources that support it
+# For more documentation on Azure AD Workload Identity, review this documentation:
+# https://azure.github.io/azure-workload-identity/docs/
+# Disabled by default, needs to be explicitly enabled
+;workload_identity_enabled = false
+
+# Tenant ID of the Azure AD Workload Identity
+# Allows to override default tenant ID of the Azure AD identity associated with the Kubernetes service account
+;workload_identity_tenant_id =
+
+# Client ID of the Azure AD Workload Identity
+# Allows to override default client ID of the Azure AD identity associated with the Kubernetes service account
+;workload_identity_client_id =
+
+# Custom path to token file for the Azure AD Workload Identity
+# Allows to set a custom path to the projected service account token file
+;workload_identity_token_file =
+
 #################################### Role-based Access Control ###########
 [rbac]
 ;permission_cache = true

docs/docs.mk

@@ -76,7 +76,7 @@ docs-rm: ## Remove the docs container.
 
 .PHONY: docs-pull
 docs-pull: ## Pull documentation base image.
-	$(PODMAN) pull $(DOCS_IMAGE)
+	$(PODMAN) pull -q $(DOCS_IMAGE)
 
 make-docs: ## Fetch the latest make-docs script.
 make-docs:

docs/make-docs

@@ -19,6 +19,21 @@ readonly WEBSITE_MOUNTS="${WEBSITE_MOUNTS:-}"
 
 PODMAN="$(if command -v podman >/dev/null 2>&1; then echo podman; else echo docker; fi)"
 
+if ! command -v curl >/dev/null 2>&1; then
+  if ! command -v wget >/dev/null 2>&1; then
+    errr 'either `curl` or `wget` must be installed for this script to work.'
+
+    exit 1
+  fi
+fi
+
+if ! command -v "${PODMAN}" >/dev/null 2>&1; then
+  errr 'either `podman` or `docker` must be installed for this script to work.'
+
+  exit 1
+fi
+
+
 about() {
   cat <<EOF
 Test documentation locally with multiple source repositories.
@@ -214,9 +229,10 @@ repo_path() {
   done
   unset IFS
 
-  echo "ERRR: could not find project '${_repo}' in any of the paths in REPOS_PATH '${REPOS_PATH}'." >&2
-  echo "NOTE: you must have a checkout of the project '${_repo}' at '${REPOS_PATH##:*}/${_repo}'." >&2
-  echo "NOTE: if you have cloned the repository into a directory with a different name, consider changing it to ${_repo}." >&2
+  errr "could not find project '${_repo}' in any of the paths in REPOS_PATH '${REPOS_PATH}'."
+  note "you must have a checkout of the project '${_repo}' at '${REPOS_PATH##:*}/${_repo}'."
+  note "if you have cloned the repository into a directory with a different name, consider changing it to ${_repo}."
+
   unset _repo
   exit 1
 }
@@ -302,6 +318,50 @@ POSIX_HERESTRING
   unset _project _version _repo _path
 }
 
+await_build() {
+  url="$1"
+  req="$(if command -v curl >/dev/null 2>&1; then echo 'curl -s -o /dev/null'; else echo 'wget -q'; fi)"
+
+  sleep 2
+
+  if ${req} "${url}"; then
+    echo
+    echo "View documentation locally:"
+    for x in ${url_src_dst_vers}; do
+      IFS='^' read -r url _ _ <<POSIX_HERESTRING
+$x
+POSIX_HERESTRING
+
+      if [ -n "${url}" ]; then
+        if [ "${_url}" != "arbitrary" ]; then
+          echo "  ${url}"
+        fi
+      fi
+    done
+    echo
+    echo 'Press Ctrl+C to stop the server'
+  else
+    echo
+    errr 'The build was interrupted or a build error occurred, check the previous logs for possible causes.'
+  fi
+
+  unset url req
+}
+
+debg() {
+  if [ -n "${DEBUG}" ]; then
+    echo "DEBG: $1" >&2
+  fi
+}
+
+errr() {
+  echo "ERRR: $1" >&2
+}
+
+note() {
+  echo "NOTE: $1" >&2
+}
+
 url_src_dst_vers="$(url_src_dst_vers "$@")"
 
 volumes=""
@@ -327,13 +387,14 @@ POSIX_HERESTRING
 
   if [ "${_url}" != "arbitrary" ]; then
     if [ ! -f "${_src}/_index.md" ]; then
-      echo "ERRR: Index file '${_src}/_index.md' does not exist." >&2
-      echo "Is '${_src}' the correct source directory?" >&2
+      errr "Index file '${_src}/_index.md' does not exist."
+      note "Is '${_src}' the correct source directory?"
       exit 1
     fi
   fi
 
-  echo "DEBG: Mounting '${_src}' at container path '${_dst}'" >&2
+  debg "DEBG: Mounting '${_src}' at container path '${_dst}'"
+
   if [ -z "${volumes}" ]; then
     volumes="--volume=${_src}:${_dst}"
   else
@@ -359,35 +420,35 @@ case "${image}" in
     proj="$(new_proj "$1")"
     echo
     "${PODMAN}" run \
-      --init \
-      --interactive \
-      --name "${DOCS_CONTAINER}" \
-      --platform linux/amd64 \
-      --rm \
-      --tty \
-      ${volumes} \
-      "${DOCS_IMAGE}" \
-      "--include=${DOC_VALIDATOR_INCLUDE}" \
-      "--skip-checks=${DOC_VALIDATOR_SKIP_CHECKS}" \
-      /hugo/content/docs \
-      "$(proj_canonical "${proj}")" | sed "s#$(proj_dst "${proj}")#sources#"
+                --init \
+                --interactive \
+                --name "${DOCS_CONTAINER}" \
+                --platform linux/amd64 \
+                --rm \
+                --tty \
+                ${volumes} \
+                "${DOCS_IMAGE}" \
+                "--include=${DOC_VALIDATOR_INCLUDE}" \
+                "--skip-checks=${DOC_VALIDATOR_SKIP_CHECKS}" \
+                /hugo/content/docs \
+                "$(proj_canonical "${proj}")" | sed "s#$(proj_dst "${proj}")#sources#"
     ;;
   'grafana/vale')
     proj="$(new_proj "$1")"
     echo
     "${PODMAN}" run \
-      --init \
-      --interactive \
-      --name "${DOCS_CONTAINER}" \
-      --platform linux/amd64 \
-      --rm \
-      --tty \
-      ${volumes} \
-      "${DOCS_IMAGE}" \
-      "--minAlertLevel=${VALE_MINALERTLEVEL}" \
-      --config=/etc/vale/.vale.ini \
-      --output=line \
-      /hugo/content/docs | sed "s#$(proj_dst "${proj}")#sources#"
+                --init \
+                --interactive \
+                --name "${DOCS_CONTAINER}" \
+                --platform linux/amd64 \
+                --rm \
+                --tty \
+                ${volumes} \
+                "${DOCS_IMAGE}" \
+                "--minAlertLevel=${VALE_MINALERTLEVEL}" \
+                --config=/etc/vale/.vale.ini \
+                --output=line \
+                /hugo/content/docs | sed "s#$(proj_dst "${proj}")#sources#"
     ;;
   *)
     tempfile="$(mktemp -t make-docs.XXX)"
@@ -417,33 +478,38 @@ EOF
     volumes="${volumes} --volume=$(realpath "${tempfile}"):/entrypoint"
     readonly volumes
 
-    echo
-    echo "Documentation will be served at the following URLs:"
-    for x in ${url_src_dst_vers}; do
-      IFS='^' read -r url _ _ <<POSIX_HERESTRING
-$x
-POSIX_HERESTRING
+    IFS='' read -r cmd <<EOF
+${PODMAN} run \
+  --env=HUGO_REFLINKSERRORLEVEL=${HUGO_REFLINKSERRORLEVEL} \
+  --init \
+  --interactive \
+  --name=${DOCS_CONTAINER} \
+  --platform=linux/amd64 \
+  --publish=${DOCS_HOST_PORT}:3002 \
+  --publish=3003:3003 \
+  --rm \
+  --tty \
+  ${volumes} \
+  ${DOCS_IMAGE} \
+  /entrypoint
+EOF
+    await_build http://localhost:3002 &
 
-      if [ -n "${url}" ]; then
-        if [ "${_url}" != "arbitrary" ]; then
-          echo "  ${url}"
-        fi
-      fi
-    done
-
-    echo
-    "${PODMAN}" run \
-      --env "HUGO_REFLINKSERRORLEVEL=${HUGO_REFLINKSERRORLEVEL}" \
-      --init \
-      --interactive \
-      --name "${DOCS_CONTAINER}" \
-      --platform linux/amd64 \
-      --publish "${DOCS_HOST_PORT}:3002" \
-      --publish "3003:3003" \
-      --rm \
-      --tty \
-      ${volumes} \
-      "${DOCS_IMAGE}" \
-      /entrypoint
+    if [ -n "${DEBUG}" ]; then
+      ${cmd}
+    else
+      ${cmd} 2>&1| sed \
+                     -e '/Web Server is available at http:\/\/localhost:3003\/ (bind address 0.0.0.0)/ d' \
+                     -e '/^hugo server/ d' \
+                     -e '/fatal: not a git repository (or any parent up to mount point \/)/ d' \
+                     -e '/Stopping at filesystem boundary (GIT_DISCOVERY_ACROSS_FILESYSTEM not set)./ d' \
+                     -e "/Makefile:[0-9]*: warning: overriding recipe for target 'docs'/ d" \
+                     -e "/docs.mk:[0-9]*: warning: ignoring old recipe for target 'docs'/ d" \
+                     -e '/\/usr\/bin\/make -j 2 proxy hserver-docs HUGO_PORT=3003/ d' \
+                     -e '/website-proxy/ d' \
+                     -e '/rm -rf dist*/ d' \
+                     -e '/Press Ctrl+C to stop/ d' \
+                     -e '/make/ d' || echo
+    fi
     ;;
 esac

docs/sources/_index.md

@@ -226,7 +226,7 @@ title: Grafana documentation
         </div>
         <h5>Grafana Cloud</h5>
     </a>
-    <a href="https://grafana.com/grafana/nightly?edition=oss" class="nav-cards__item nav-cards__item--install">
+    <a href="https://grafana.com/grafana/download/nightly?edition=oss" class="nav-cards__item nav-cards__item--install">
         <div class="nav-cards__icon fa fa-moon-o">
         </div>
         <h5>Nightly builds</h5>

docs/sources/administration/back-up-grafana/index.md

@@ -0,0 +1,15 @@
+---
+description: Describes how to back up a locally provisioned Grafana instance.
+keywords:
+  - grafana
+  - backup
+labels:
+  products:
+    - enterprise
+    - oss
+title: Back up Grafana
+weight: 80
+menuTitle: Back up Grafana
+---
+
+{{< docs/shared lookup="back-up/back-up-grafana.md" source="grafana" version="<GRAFANA VERSION>" >}}

docs/sources/alerting/fundamentals/contact-points/index.md

@@ -1,8 +1,8 @@
 ---
 aliases:
-  - /docs/grafana/latest/alerting/contact-points/
-  - /docs/grafana/latest/alerting/unified-alerting/contact-points/
-  - /docs/grafana/latest/alerting/fundamentals/contact-points/contact-point-types/
+  - ../contact-points/
+  - ../unified-alerting/contact-points/
+  - contact-point-types/
 description: Create or edit contact point
 keywords:
   - grafana

docs/sources/dashboards/manage-dashboards/index.md

@@ -53,6 +53,8 @@ Folders help you organize and group dashboards, which is useful when you have ma
 1. On the Dashboards page, click **New** and select **New folder** in the dropdown.
 1. Enter a unique name and click **Create**.
 
+   Do not use the name of a folder that has already been provisioned (such as "General") and avoid special characters (except underscores and hyphens).
+
 When you save a dashboard, you can either select a folder for the dashboard to be saved in or create a new folder.
 
 ## Manage dashboards

docs/sources/dashboards/variables/_index.md

@@ -58,3 +58,6 @@ The following dashboards in Grafana Play provide examples of template variables:
 
 - Variable drop-down lists are displayed in the order they are listed in the variable list in Dashboard settings.
 - Put the variables that you will change often at the top, so they will be shown first (far left on the dashboard).
+- By default, variables don't have a default value. This means that the topmost value in the drop-down is always preselected. If you want to pre-populate a variable with an empty value, you can use the following workaround in the variable settings:
+  1. Select the **Include All Option** checkbox.
+  2. In the **Custom all value** field, enter a value like `+`.

docs/sources/dashboards/variables/add-template-variables/index.md

@@ -90,6 +90,7 @@ Query expressions can contain references to other variables and in effect create
    - **On Time Range Change:** Queries the data source when the dashboard time range changes. Only use this option if your variable options query contains a time range filter or is dependent on the dashboard time range.
 1. In the **Query** field, enter a query.
    - The query field varies according to your data source. Some data sources have custom query editors.
+   - Make sure that the query returns values named `__text` and `__value` as appropriate in your query syntax. For example, in SQL, you can use a query such as `SELECT hostname AS __text, id AS __value FROM MyTable`. Queries for other languages will vary depending on syntax.
    - If you need more room in a single input field query editor, then hover your cursor over the lines in the lower right corner of the field and drag downward to expand.
 1. (Optional) In the **Regex** field, type a regex expression to filter or capture specific parts of the names returned by your data source query. To see examples, refer to [Filter variables with regex]({{< relref "#filter-variables-with-regex" >}}).
 1. In the **Sort** list, select the sort order for values to be displayed in the dropdown list. The default option, **Disabled**, means that the order of options returned by your data source query will be used.

docs/sources/datasources/_index.md

@@ -47,7 +47,7 @@ For example, this video demonstrates the visual Prometheus query builder:
 
 {{< vimeo 720004179 >}}
 
-For general information about querying in Grafana, and common options and user interface elements across all query editors, refer to [Query and transform data]({{< relref "../panels-visualizations/query-transform-data/" >}}).
+For general information about querying in Grafana, and common options and user interface elements across all query editors, refer to [Query and transform data]({{< relref "../panels-visualizations/query-transform-data" >}}).
 
 ## Special data sources
 

docs/sources/datasources/azure-monitor/_index.md

@@ -58,6 +58,9 @@ For more information, refer to [Azure documentation for role assignments](https:
 If you host Grafana in Azure, such as in App Service or Azure Virtual Machines, you can configure the Azure Monitor data source to use Managed Identity for secure authentication without entering credentials into Grafana.
 For details, refer to [Configuring using Managed Identity]({{< relref "#configuring-using-managed-identity" >}}).
 
+You can configure the Azure Monitor data source to use Workload Identity for secure authentication without entering credentials into Grafana if you host Grafana in a Kubernetes environment, such as AKS, and require access to Azure resources.
+For details, refer to [Configuring using Workload Identity](#configuring-using-workload-identity).
+
 | Name                        | Description                                                                                                                                                                                                                                                                                           |
 | --------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | **Authentication**          | Enables Managed Identity. Selecting Managed Identity hides many of the other fields. For details, see [Configuring using Managed Identity](#configuring-using-managed-identity).                                                                                                                      |
@@ -109,6 +112,21 @@ datasources:
     version: 1
 ```
 
+**Workload Identity:**
+
+```yaml
+apiVersion: 1 # config file version
+
+datasources:
+  - name: Azure Monitor
+    type: grafana-azure-monitor-datasource
+    access: proxy
+    jsonData:
+      azureAuthType: workloadidentity
+      subscriptionId: <subscription-id> # Optional, default subscription
+    version: 1
+```
+
 #### Supported cloud names
 
 | Azure Cloud                          | `cloudName` Value          |
@@ -119,8 +137,8 @@ datasources:
 
 ### Configure Managed Identity
 
-If you host Grafana in Azure, such as an App Service or with Azure Virtual Machines, and have managed identity enabled on your VM, you can use managed identity to configure Azure Monitor in Grafana.
-This lets you securely authenticate data sources without manually configuring credentials via Azure AD App Registrations for each.
+You can use managed identity to configure Azure Monitor in Grafana if you host Grafana in Azure (such as an App Service or with Azure Virtual Machines) and have managed identity enabled on your VM.
+This lets you securely authenticate data sources without manually configuring credentials via Azure AD App Registrations.
 For details on Azure managed identities, refer to the [Azure documentation](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview).
 
 **To enable managed identity for Grafana:**
@@ -136,7 +154,46 @@ For details on Azure managed identities, refer to the [Azure documentation](http
 
    This hides the directory ID, application ID, and client secret fields, and the data source uses managed identity to authenticate to Azure Monitor Metrics and Logs, and Azure Resource Graph.
 
-   {{< figure src="/media/docs/grafana/data-sources/screenshot-managed-identity.png" max-width="800px" class="docs-image--no-shadow" caption="Azure Monitor Metrics screenshot showing Dimensions" >}}
+   {{< figure src="/media/docs/grafana/data-sources/screenshot-managed-identity-2.png" max-width="800px" class="docs-image--no-shadow" caption="Azure Monitor screenshot showing Managed Identity authentication" >}}
+
+3. You can set the `managed_identity_client_id` field in the `[azure]` section of the [Grafana server configuration][configure-grafana-azure] to allow a user-assigned managed identity to be used instead of the default system-assigned identity.
+
+```ini
+[azure]
+managed_identity_enabled = true
+managed_identity_client_id = USER_ASSIGNED_IDENTITY_CLIENT_ID
+```
+
+### Configure Workload Identity
+
+You can use workload identity to configure Azure Monitor in Grafana if you host Grafana in a Kubernetes environment, such as AKS, in conjunction with managed identities.
+This lets you securely authenticate data sources without manually configuring credentials via Azure AD App Registrations.
+For details on workload identity, refer to the [Azure workload identity documentation](https://azure.github.io/azure-workload-identity/docs/).
+
+**To enable workload identity for Grafana:**
+
+1. Set the `workload_identity_enabled` flag in the `[azure]` section of the [Grafana server configuration][configure-grafana-azure].
+
+   ```ini
+   [azure]
+   workload_identity_enabled = true
+   ```
+
+2. In the Azure Monitor data source configuration, set **Authentication** to **Workload Identity**.
+
+   This hides the directory ID, application ID, and client secret fields, and the data source uses workload identity to authenticate to Azure Monitor Metrics and Logs, and Azure Resource Graph.
+
+   {{< figure src="/media/docs/grafana/data-sources/screenshot-workload-identity.png" max-width="800px" class="docs-image--no-shadow" caption="Azure Monitor screenshot showing Workload Identity authentication" >}}
+
+3. There are additional configuration variables that can control the authentication method.`workload_identity_tenant_id` represents the Azure AD tenant that contains the managed identity, `workload_identity_client_id` represents the client ID of the managed identity if it differs from the default client ID, `workload_identity_token_file` represents the path to the token file. Refer to the [documentation](https://azure.github.io/azure-workload-identity/docs/) for more information on what values these variables should use, if any.
+
+   ```ini
+   [azure]
+   workload_identity_enabled = true
+   workload_identity_tenant_id = IDENTITY_TENANT_ID
+   workload_identity_client_id = IDENTITY_CLIENT_ID
+   workload_identity_token_file = TOKEN_FILE_PATH
+   ```
 
 ## Query the data source
 

docs/sources/datasources/google-cloud-monitoring/query-editor/index.md

@@ -134,7 +134,7 @@ The default values for "cloud monitoring auto" are:
 
 The other automatic option is "grafana auto", which automatically sets the Group By time depending on the time range chosen and width of the time series panel.
 
-For more information about "grafana auto", refer to [Interval variable]({{< relref "../../../dashboards/variables/add-template-variables/#add-an-interval-variable" >}}).
+For more information about "grafana auto", refer to [Interval variable]({{< relref "../../../dashboards/variables/add-template-variables#add-an-interval-variable" >}}).
 
 You can also choose fixed time intervals to group by, like `1h` or `1d`.
 

docs/sources/datasources/influxdb/_index.md

@@ -17,7 +17,7 @@ weight: 700
 
 # InfluxDB data source
 
-{{< docs/shared "influxdb/intro.md" >}}
+{{< docs/shared lookup="influxdb/intro.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
 Grafana includes built-in support for InfluxDB.
 This topic explains options, variables, querying, and other features specific to the InfluxDB data source, which include its [feature-rich code editor for queries and visual query builder]({{< relref "./query-editor/" >}}).

docs/sources/datasources/loki/template-variables/index.md

@@ -47,3 +47,29 @@ For more information, refer to [Add ad hoc filters]({{< relref "../../../dashboa
 You can use some global built-in variables in query variables: `$__interval`, `$__interval_ms`, `$__range`, `$__range_s`, and `$__range_ms`.
 
 For more information, refer to [Global built-in variables]({{< relref "../../../dashboards/variables/add-template-variables#global-variables" >}}).
+
+## Label extraction and indexing in Loki
+
+Labels play a fundamental role in Loki's log aggregation and querying capabilities. When logs are ingested into Loki, they are often accompanied by metadata called labels, which provide contextual information about the log entries. These labels consist of key-value pairs and are essential for organizing, filtering, and searching log data efficiently.
+
+### 1. Label extraction
+
+During the ingestion process, Loki performs label extraction from the log lines. Loki's approach to label extraction is based on regular expressions, allowing users to specify custom patterns for parsing log lines and extracting relevant label key-value pairs. This flexibility enables Loki to adapt to various log formats and schemas.
+
+For example, suppose you have log lines in the following format:
+
+**2023-07-25 12:34:56 INFO: Request from IP A.B.C.D to endpoint /api/data**
+
+To extract labels from this log format, you could define a regular expression to extract the log level ("INFO"), IP address ("A.B.C.D"), and endpoint ("/api/data") as labels. These labels can later be used to filter and aggregate log entries.
+
+### 2. Indexing labels
+
+Once labels are extracted, Loki efficiently indexes them. The index serves as a lookup mechanism that maps labels to the corresponding log entries. This indexing process enables faster retrieval of logs based on specific label criteria, significantly enhancing query performance.
+
+For instance, if you have a label "job" that represents different services in your application, Loki will index the logs for each job separately. This indexing allows you to quickly query and analyze logs for individual jobs without the need to scan the entire log dataset.
+
+By effectively extracting and indexing labels, Loki enables users to perform complex and targeted log queries without compromising on query speed and resource consumption.
+
+Utilizing Loki's indexed labels in combination with Grafana's template variables provides a powerful way to interactively explore and visualize log data. Template variables allow users to create dynamic queries, selecting and filtering logs based on various labels, such as job names, instance IDs, severity levels, or any other contextual information attached to the log entries.
+
+In conclusion, Loki's label extraction and indexing mechanisms are key components that contribute to its ability to handle vast amounts of log data efficiently. By making use of labels and template variables, users can easily gain valuable insights from their log data and troubleshoot issues effectively.

docs/sources/datasources/mysql/_index.md

@@ -460,7 +460,7 @@ ORDER BY atimestamp ASC
 
 #### Disabling Quoting for Multi-value Variables
 
-Grafana automatically creates a quoted, comma-separated string for multi-value variables. For example: if `server01` and `server02` are selected then it will be formatted as: `'server01', 'server02'`. Do disable quoting, use the csv formatting option for variables:
+Grafana automatically creates a quoted, comma-separated string for multi-value variables. For example: if `server01` and `server02` are selected then it will be formatted as: `'server01', 'server02'`. To disable quoting, use the csv formatting option for variables:
 
 `${servers:csv}`
 

docs/sources/datasources/tempo/query-editor/index.md

@@ -75,7 +75,7 @@ You can create TraceQL queries using the Query editor or using Search query tab
 
 [//]: # 'Include content for preview of Search tab featuring TraceQL query builder'
 
-{{< docs/shared source="grafana" lookup="datasources/tempo-search-traceql.md" leveloffset="+1" >}}
+{{< docs/shared source="grafana" lookup="datasources/tempo-search-traceql.md" leveloffset="+1" version="<GRAFANA VERSION>" >}}
 
 ## Query Loki for traces
 

docs/sources/developers/http_api/access_control.md

@@ -17,7 +17,7 @@ title: RBAC HTTP API
 
 # RBAC API
 
-> Role-based access control API is only available in Grafana Enterprise. Read more about [Grafana Enterprise]({{< relref "/docs/grafana/latest/introduction/grafana-enterprise" >}}).
+> Role-based access control API is only available in Grafana Cloud or Grafana Enterprise. Read more about [Grafana Enterprise]({{< relref "/docs/grafana/latest/introduction/grafana-enterprise" >}}).
 
 The API can be used to create, update, delete, get, and list roles.
 
@@ -529,7 +529,7 @@ Content-Type: application/json; charset=UTF-8
 For example, if a user does not have required permissions for creating users, they won't be able to unassign a role which will allow to do that. This is done to prevent escalation of privileges.
 
 | Action             | Scope                     |
-| ------------------ | ------------------------- |
+| ------------------ | ------------------------- |
 | users.roles:remove | permissions:type:delegate |
 
 #### Query parameters

docs/sources/developers/http_api/dashboard.md

@@ -57,10 +57,8 @@ Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
 - **dashboard.id** – id = null to create a new dashboard.
 - **dashboard.uid** – Optional unique identifier when creating a dashboard. uid = null will generate a new uid.
 - **dashboard.refresh** - Set the dashboard refresh interval. If this is lower than [the minimum refresh interval]({{< relref "/docs/grafana/latest/setup-grafana/configure-grafana#min_refresh_interval" >}}), then Grafana will ignore it and will enforce the minimum refresh interval.
-- **folderUid** – The UID of the folder to save the dashboard in. Overrides the `folderId`.
 - **folderId** – The id of the folder to save the dashboard in.
 - **folderUid** – The UID of the folder to save the dashboard in. Overrides the `folderId`.
-- **refresh** - Set the dashboard refresh interval. If this is lower than [the minimum refresh interval]({{< relref "/docs/grafana/latest/setup-grafana/configure-grafana#min_refresh_interval" >}}), then Grafana will ignore it and will enforce the minimum refresh interval.
 - **overwrite** – Set to true if you want to overwrite existing dashboard with newer version, same dashboard title in folder or same dashboard uid.
 - **message** - Set a commit message for the version history.
 
@@ -69,169 +67,36 @@ Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
 ```http
 POST /api/dashboards/db HTTP/1.1
 Accept: application/json
-Content-Type: application/json; charset=UTF-8
+Content-Type: application/json
 Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
 
+```
 
 **Example Response**:
 
 ```http
-```http
 HTTP/1.1 200 OK
-Content-Type: application/json; charset=UTF-8
-Content-Length: 78
-
-```
+Content-Type: application/json; charset=UTF-8
 Content-Length: 78
 
-
-- **200** – Created
-- **400** – Errors (invalid json, missing or invalid fields, etc)
+```
+
+Status Codes:
+
 - **200** – Created
 - **400** – Errors (invalid json, missing or invalid fields, etc)
-- **412** – Precondition failed
-
-The **412** status code is used for explaining that you cannot create the dashboard and why.
-There can be different reasons for this:
-
-- The dashboard has been changed by someone else, `status=version-mismatch`
-- A dashboard with the same name in the folder already exists, `status=name-exists`
-- A dashboard with the same uid already exists, `status=name-exists`
-- The dashboard belongs to plugin `<plugin title>`, `status=plugin-dashboard`
-
-The response body will have the following properties:
-
-```http
-HTTP/1.1 412 Precondition Failed
-Content-Type: application/json; charset=UTF-8
-Content-Length: 97
-
-```
-
-In case of title already exists the `status` property will be `name-exists`.
-
-## Get dashboard by uid
-
-`GET /api/dashboards/uid/:uid`
-
-Will return the dashboard given the dashboard unique identifier (uid). Information about the unique identifier of a folder containing the requested dashboard might be found in the metadata.
-
-**Required permissions**
-
-See note in the [introduction]({{< ref "#dashboard-api" >}}) for an explanation.
-
-| Action            | Scope          |
-| ----------------- | -------------- |
-| `dashboards:read` | `dashboards:*` |
-
-**Example Request**:
-
-```http
-GET /api/dashboards/uid/cIBgcSjkk HTTP/1.1
-Accept: application/json
-Content-Type: application/json
-Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
-```
-
-**Example Response**:
-
-```http
-HTTP/1.1 200
-Content-Type: application/json
-
-```
-
-Status Codes:
-
-- **200** – Found
-- **401** – Unauthorized
-- **403** – Access denied
-- **404** – Not found
-
-## Delete dashboard by uid
-
-`DELETE /api/dashboards/uid/:uid`
-
-Will delete the dashboard given the specified unique identifier (uid).
-
-**Required permissions**
-
-See note in the [introduction]({{< ref "#dashboard-api" >}}) for an explanation.
-
-| Action              | Scope                         |
-| ------------------- | ----------------------------- |
-| `dashboards:delete` | `dashboards:*`<br>`folders:*` |
-
-**Example Request**:
-
-```http
-DELETE /api/dashboards/uid/cIBgcSjkk HTTP/1.1
-Accept: application/json
-Content-Type: application/json
-Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
-```
-
-**Example Response**:
-
-```http
-HTTP/1.1 200
-Content-Type: application/json
-
-```
-
-Status Codes:
-
-- **200** – Deleted
-- **401** – Unauthorized
-- **403** – Access denied
-- **404** – Not found
-
-## Gets the home dashboard
-
-`GET /api/dashboards/home`
-
-Will return the home dashboard.
-
-**Example Request**:
-
-```http
-GET /api/dashboards/home HTTP/1.1
-Accept: application/json
-Content-Type: application/json
-Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
-```
-
-**Example Response**:
-
-```http
-HTTP/1.1 200
-Content-Type: application/json
-
-```
-
-## Tags for Dashboard
-
-`GET /api/dashboards/tags`
-
-Get all tags of dashboards
-
-**Example Request**:
-
-```http
-GET /api/dashboards/tags HTTP/1.1
-Accept: application/json
-Content-Type: application/json
-Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
-```
-
-**Example Response**:
-
-```http
-HTTP/1.1 200
-Content-Type: application/json
-
-```
-
+- **401** – Unauthorized
+- **403** – Access denied
+- **412** – Precondition failed
+
+The **412** status code is used for explaining that you cannot create the dashboard and why.
+There can be different reasons for this:
+
+- The dashboard has been changed by someone else, `status=version-mismatch`
+- A dashboard with the same name in the folder already exists, `status=name-exists`
+- A dashboard with the same uid already exists, `status=name-exists`
+- The dashboard belongs to plugin `<plugin title>`, `status=plugin-dashboard`
+
 The response body will have the following properties:
 
 ```http
@@ -243,12 +108,12 @@ Content-Type: application/json; charset=UTF-8
 
 In case of title already exists the `status` property will be `name-exists`.
 
-  "id":      1,
-  "uid":     "cIBgcSjkk",
-  "url":     "/d/cIBgcSjkk/production-overview",
-  "status":  "success",
-  "version": 1,
-  "slug":    "production-overview" //deprecated in Grafana v5.0
+## Get dashboard by uid
+
+`GET /api/dashboards/uid/:uid`
+
+Will return the dashboard given the dashboard unique identifier (uid). Information about the unique identifier of a folder containing the requested dashboard might be found in the metadata.
+
 **Required permissions**
 
 See note in the [introduction]({{< ref "#dashboard-api" >}}) for an explanation.

docs/sources/developers/http_api/library_element.md

@@ -30,14 +30,14 @@ Returns a list of all library elements the authenticated user has permission to
 
 Query parameters:
 
-- **searchString** – Part of the name or description searched for.
-- **kind** – Kind of element to search for. Use `1` for library panels or `2` for library variables.
-- **sortDirection** – Sort order of elements. Use `alpha-asc` for ascending and `alpha-desc` for descending sort order.
-- **typeFilter** – A comma separated list of types to filter the elements by.
-- **excludeUid** – Element UID to exclude from search results.
-- **folderFilter** – A comma separated list of folder ID(s) to filter the elements by.
-- **perPage** – The number of results per page; default is 100.
-- **page** – The page for a set of records, given that only `perPage` records are returned at a time. Numbering starts at `1`.
+- `searchString`: Part of the name or description searched for.
+- `kind`: Kind of element to search for. Use `1` for library panels or `2` for library variables.
+- `sortDirection`: Sort order of elements. Use `alpha-asc` for ascending and `alpha-desc` for descending sort order.
+- `typeFilter`: A comma separated list of types to filter the elements by.
+- `excludeUid`: Element UID to exclude from search results.
+- `folderFilter`: A comma separated list of folder IDs to filter the elements by.
+- `perPage`: The number of results per page; default is 100.
+- `page`: The page for a set of records, given that only `perPage` records are returned at a time. Numbering starts at `1`.
 
 **Example Request**:
 
@@ -98,8 +98,8 @@ Content-Type: application/json
 
 **Example Request**:
 
-```http
-GET /api/library-elements/name/API docs Example HTTP/1.1
+```http
+GET /api/library-elements/name/API docs Example HTTP/1.1
 Accept: application/json
 Content-Type: application/json
 Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
@@ -157,9 +157,9 @@ Content-Type: application/json
 JSON Body schema:
 
 - `folderId`: ID of the folder where the library element is stored. It is deprecated since Grafana v9
-- **folderUid** – Optional, the UID of the folder where the library element is stored, empty string when it is General folder
-- **name** – Optional, the name of the library element.
-- **model** – The JSON model for the library element.
+- `folderUid`: Optional, the UID of the folder where the library element is stored, empty string when it is General folder
+- `name`: Optional, the name of the library element.
+- `model`: The JSON model for the library element.
 - `kind`: Kind of element to create, Use `1` for library panels or `2` for library variables.
 - `uid`: Optional, the [unique identifier](/http_api/library_element/#identifier-id-vs-unique-identifier-uid).
 
@@ -219,9 +219,9 @@ Content-Type: application/json
 ```http
 HTTP/1.1 200
 Content-Type: application/json
-
-```
-
+
+```
+
 Status Codes:
 
 - `200`: Updated
@@ -265,9 +265,9 @@ Content-Type: application/json
 - `403`: Access denied
 - `404`: Library element not found
 
-- **200** – Found
-- **401** – Unauthorized
-- **404** – Library element not found
+- `200`: Found
+- `401`: Unauthorized
+- `404`: Library element not found
 
 ## Create library element
 
@@ -277,12 +277,12 @@ Creates a new library element.
 
 JSON Body schema:
 
-- **folderId** – ID of the folder where the library element is stored. It is deprecated since Grafana v9
-- **folderUid** – Optional, the UID of the folder where the library element is stored, empty string when it is General folder
-- **name** – Optional, the name of the library element.
-- **model** – The JSON model for the library element.
-- **kind** – Kind of element to create, Use `1` for library panels or `2` for library variables.
-- **uid** – Optional, the [unique identifier](/http_api/library_element/#identifier-id-vs-unique-identifier-uid).
+- `folderId`: ID of the folder where the library element is stored. It is deprecated since Grafana v9
+- `folderUid`: Optional, the UID of the folder where the library element is stored, empty string when it is General folder
+- `name`: Optional, the name of the library element.
+- `model`: The JSON model for the library element.
+- `kind`: Kind of element to create, Use `1` for library panels or `2` for library variables.
+- `uid`: Optional, the [unique identifier](/http_api/library_element/#identifier-id-vs-unique-identifier-uid).
 
 **Example Request**:
 
@@ -343,10 +343,10 @@ Content-Type: application/json
 
 Status Codes:
 
-- **200** – Created
-- **400** – Errors (for example, name or UID already exists, invalid JSON, missing or invalid fields, and so on).
-- **401** – Unauthorized
-- **403** – Access denied
+- `200`: Created
+- `400`: Errors (for example, name or UID already exists, invalid JSON, missing or invalid fields, and so on).
+- `401`: Unauthorized
+- `403`: Access denied
 
 ## Update library element
 
@@ -356,13 +356,13 @@ Updates an existing library element identified by uid.
 
 JSON Body schema:
 
-- **folderId** – ID of the folder where the library element is stored. It is deprecated since Grafana v9
-- **folderUid** – UID of the folder where the library element is stored, empty string when it is General folder.
-- **name** – Name of the library element.
-- **model** – The JSON model for the library element.
-- **kind** – Kind of element to create. Use `1` for library panels or `2` for library variables.
-- **version** – Version of the library element you are updating.
-- **uid** – Optional, the [unique identifier](/http_api/library_element/#identifier-id-vs-unique-identifier-uid).
+- `folderId`: ID of the folder where the library element is stored. It is deprecated since Grafana v9
+- `folderUid`: UID of the folder where the library element is stored, empty string when it is General folder.
+- `name`: Name of the library element.
+- `model`: The JSON model for the library element.
+- `kind`: Kind of element to create. Use `1` for library panels or `2` for library variables.
+- `version`: Version of the library element you are updating.
+- `uid`: Optional, the [unique identifier](/http_api/library_element/#identifier-id-vs-unique-identifier-uid).
 
 **Example Request**:
 
@@ -424,12 +424,12 @@ Content-Type: application/json
 
 Status Codes:
 
-- **200** – Updated
-- **400** – Errors (for example, name or UID already exists, invalid JSON, missing or invalid fields, and so on).
-- **401** – Unauthorized
-- **403** – Access denied
-- **404** – Library element not found
-- **412** – Version mismatch
+- `200`: Updated
+- `400`: Errors (for example, name or UID already exists, invalid JSON, missing or invalid fields, and so on).
+- `401`: Unauthorized
+- `403`: Access denied
+- `404`: Library element not found
+- `412`: Version mismatch
 
 ## Delete library element
 
@@ -463,8 +463,8 @@ Content-Type: application/json
 
 Status Codes:
 
-- **200** – Deleted
-- **401** – Unauthorized
-- **400** – Bad request
-- **403** – Access denied
-- **404** – Library element not found
+- `200`: Deleted
+- `401`: Unauthorized
+- `400`: Bad request
+- `403`: Access denied
+- `404`: Library element not found

docs/sources/fundamentals/_index.md

@@ -9,8 +9,8 @@ weight: 8
 
 This section provides basic information about observability topics in general and Grafana in particular. These topics will help people who are just starting out with observability and monitoring.
 
-{{< docs/shared "basics/what-is-grafana.md" >}}
+{{< docs/shared lookup="basics/what-is-grafana.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
-{{< docs/shared "basics/grafana-cloud.md" >}}
+{{< docs/shared lookup="basics/grafana-cloud.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
-{{< docs/shared "basics/grafana-enterprise.md" >}}
+{{< docs/shared lookup="basics/grafana-enterprise.md" source="grafana" version="<GRAFANA VERSION>" >}}

docs/sources/fundamentals/dashboards-overview/index.md

@@ -38,7 +38,7 @@ A Grafana plugin is software that adds new capabilities to Grafana. They come in
 
 The data coming into the plugin from the data source might be in many different formats (such as JSON, rows and columns, or CSV), but when it leaves the plugin and moves through the rest of the gates toward a visualization, it's always in data frames.
 
-Currently, Grafana offers a diverse range of 155 data sources that you can use. The most commonly used options are already pre-installed and accessible. Before exploring other options, look for an existing data source that matches your requirements. Grafana constantly updates the list, but if you don't find a suitable data source, you can browse through the [plugin catalog](/grafana/plugins/?type=datasource) or [create a plugin](/tutorials/build-a-data-source-plugin/).
+Currently, Grafana offers a diverse range of 155 data sources that you can use. The most commonly used options are already pre-installed and accessible. Before exploring other options, look for an existing data source that matches your requirements. Grafana constantly updates the list, but if you don't find a suitable data source, you can browse through the [plugin catalog](/grafana/plugins/?type=datasource) or [create a plugin][create-plugin].
 
 ## Queries
 
@@ -90,6 +90,9 @@ And with the data source identified and the plugin installed, you can write your
 This component architecture is part of what makes Grafana so powerful and general. Given the data source plugin and data frame abstraction, any data source you can access can work with the same general approach.
 
 {{% docs/reference %}}
+[create-plugin]: "/docs/grafana/ -> /docs/grafana/<GRAFANA VERSION>/developers/plugins/create-a-grafana-plugin/"
+[create-plugin]: "/docs/grafana-cloud/ -> /docs/grafana/<GRAFANA VERSION>/developers/plugins/create-a-grafana-plugin/"
+
 [data-frames]: "/docs/grafana/ -> /docs/grafana/<GRAFANA VERSION>/developers/plugins/data-frames"
 [data-frames]: "/docs/grafana-cloud/ -> /docs/grafana/<GRAFANA VERSION>/developers/plugins/data-frames"
 

docs/sources/fundamentals/intro-to-prometheus/index.md

@@ -59,7 +59,7 @@ The following gauge visualization displays the total RAM usage on a computer.
 
 The third metric type is called a `histogram`, which counts observations and organizes them into configurable groups. The following example displays floating-point numbers grouped into ranges that display how frequently each occurred.
 
-{{< figure src="/media/docs/grafana/intro-prometheus/histogram-example.png" max-width="750px" caption="Historgram visualization" >}}
+{{< figure src="/media/docs/grafana/intro-prometheus/histogram-example.png" max-width="750px" caption="Histogram visualization" >}}
 
 These core concepts of time series, metrics, labels, and aggregation functions are foundational to Grafana and observability.
 

docs/sources/getting-started/_index.md

@@ -7,6 +7,6 @@ weight: 9
 
 # Get started
 
-This section provides guidance on how build your first dashboard after you have installed Grafana. It also provides step-by-step instructions on how to add a Prometheus, InfluxDB, or an MS SQL Server data source. Refer to [Data sources]({{< relref "../administration/data-source-management/" >}}) for a list of all supported data sources.
+This section provides guidance on how build your first dashboard after you have installed Grafana. It also provides step-by-step instructions on how to add a Prometheus, InfluxDB, or an MS SQL Server data source. Refer to [Data sources]({{< relref "../datasources" >}}) for a list of all supported data sources.
 
 {{< section >}}

docs/sources/getting-started/get-started-grafana-influxdb.md

@@ -8,7 +8,7 @@ weight: 400
 
 # Get started with Grafana and InfluxDB
 
-{{< docs/shared "influxdb/intro.md" >}}
+{{< docs/shared lookup="influxdb/intro.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
 #### Get InfluxDB
 

docs/sources/introduction/grafana-enterprise.md

@@ -31,7 +31,7 @@ Supported auth providers:
 - [Auth Proxy]({{< relref "../setup-grafana/configure-security/configure-authentication/auth-proxy#team-sync-enterprise-only" >}})
 - [Azure AD OAuth]({{< relref "../setup-grafana/configure-security/configure-authentication/azuread#team-sync-enterprise-only" >}})
 - [GitHub OAuth]({{< relref "../setup-grafana/configure-security/configure-authentication/github#configure-team-synchronization" >}})
-- [GitLab OAuth]({{< relref "../setup-grafana/configure-security/configure-authentication/gitlab#team-sync-enterprise-only" >}})
+- [GitLab OAuth]({{< relref "../setup-grafana/configure-security/configure-authentication/gitlab#configure-team-synchronization" >}})
 - [LDAP]({{< relref "../setup-grafana/configure-security/configure-authentication/enhanced-ldap#ldap-group-synchronization-for-teams" >}})
 - [Okta]({{< relref "../setup-grafana/configure-security/configure-authentication/okta#configure-team-synchronization-enterprise-only" >}})
 - [SAML]({{< relref "../setup-grafana/configure-security/configure-authentication/saml#configure-team-sync" >}})

docs/sources/old-alerting/_index.md

@@ -24,4 +24,4 @@ You can perform the following tasks for alerts:
 - [Test alert rules and troubleshoot]({{< relref "troubleshoot-alerts/" >}})
 - [Add or edit an alert contact point]({{< relref "notifications/" >}})
 
-{{< docs/shared "alerts/grafana-managed-alerts.md" >}}
+{{< docs/shared lookup="alerts/grafana-managed-alerts.md" source="grafana" version="<GRAFANA VERSION>" >}}

docs/sources/panels-visualizations/configure-data-links/index.md

@@ -30,7 +30,9 @@ To see a list of available variables, type `$` in the data link **URL** field to
 
 > **Note:** These variables changed in 6.4 so if you have an older version of Grafana, then use the version picker to select docs for an older version of Grafana.
 
-You can also use template variables in your data links URLs, refer to [Templates and variables]({{< relref "../../dashboards/variables/" >}}) for more information on template variables.
+Azure Monitor, [CloudWatch]({{< relref "../../datasources/aws-cloudwatch/query-editor/#deep-link-grafana-panels-to-the-cloudwatch-console-1" >}}), and [Google Cloud Monitoring]({{< relref "../../datasources/google-cloud-monitoring/query-editor/#deep-link-from-grafana-panels-to-the-google-cloud-console-metrics-explorer" >}}) have pre-configured data links called _deep links_.
+
+You can also use template variables in your data links URLs, refer to [Templates and variables][] for more information on template variables.
 
 ## Time range panel variables
 

docs/sources/panels-visualizations/configure-panel-options/index.md

@@ -88,7 +88,7 @@ You can configure Grafana to dynamically add panels or rows to a dashboard. A dy
 
 > **Note:** Repeating panels require variables to have one or more items selected; you cannot repeat a panel zero times to hide it.
 
-To see an example of repeating panels, refer to [Prometheus dashboard with repeating panels](https://play.grafana.org/d/000000036/prometheus-repeat).
+To see an example of repeating panels, refer to [this dashboard with repeating panels](https://play.grafana.org/d/testdata-repeating/testdata-repeating-panels?orgId=1).
 
 **Before you begin:**
 

docs/sources/panels-visualizations/visualizations/annotations/index.md

@@ -1,6 +1,6 @@
 ---
 aliases:
-  - ../../features/panels/anotations/
+  - ../../features/panels/annotations/
   - ../../panels/visualizations/annotations/
   - ../../visualizations/annotations/
 description: Annotations visualization documentation
@@ -10,7 +10,7 @@ keywords:
   - panel
   - documentation
 title: Annotations
-weight: 105
+weight: 100
 ---
 
 # Annotations

docs/sources/panels-visualizations/visualizations/bar-chart/index.md

@@ -10,7 +10,7 @@ keywords:
   - panel
   - barchart
 title: Bar chart
-weight: 170
+weight: 100
 ---
 
 # Bar chart
@@ -122,9 +122,9 @@ Transparency of the gradient is calculated based on the values on the y-axis. Op
 
 Gradient color is generated based on the hue of the line color.
 
-{{< docs/shared "visualizations/tooltip-mode.md" >}}
+{{< docs/shared lookup="visualizations/tooltip-mode.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
-{{< docs/shared "visualizations/legend-mode.md" >}}
+{{< docs/shared lookup="visualizations/legend-mode.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
 ### Legend calculations
 
@@ -183,3 +183,5 @@ Set a **Soft min** or **soft max** option for better control of Y-axis limits. B
 **Soft min** and **soft max** settings can prevent blips from turning into mountains when the data is mostly flat, and hard min or max derived from standard min and max field options can prevent intermittent spikes from flattening useful detail by clipping the spikes past a defined point.
 
 You can set standard min/max options to define hard limits of the Y-axis. For more information, refer to [Standard options definitions]({{< relref "../../configure-standard-options/#max" >}}).
+
+{{< docs/shared lookup="visualizations/multiple-y-axes.md" source="grafana" version="<GRAFANA VERSION>" leveloffset="+2" >}}

docs/sources/panels-visualizations/visualizations/bar-gauge/index.md

@@ -9,7 +9,7 @@ keywords:
   - bar
   - bar gauge
 title: Bar gauge
-weight: 200
+weight: 100
 ---
 
 # Bar gauge

docs/sources/panels-visualizations/visualizations/candlestick/index.md

@@ -11,7 +11,7 @@ keywords:
   - panel
   - documentation
 title: Candlestick
-weight: 600
+weight: 100
 ---
 
 # Candlestick

docs/sources/panels-visualizations/visualizations/canvas/index.md

@@ -9,7 +9,7 @@ keywords:
   - panel
   - documentation
 title: Canvas
-weight: 600
+weight: 100
 ---
 
 # Canvas

docs/sources/panels-visualizations/visualizations/dashboard-list/index.md

@@ -11,7 +11,7 @@ keywords:
   - panel
   - dashlist
 title: Dashboard list
-weight: 300
+weight: 100
 ---
 
 # Dashboard list

docs/sources/panels-visualizations/visualizations/flame-graph/index.md

@@ -8,7 +8,7 @@ keywords:
   - panels
   - flame graph
 title: Flame graph
-weight: 850
+weight: 100
 ---
 
 # Flame graph panel

docs/sources/panels-visualizations/visualizations/gauge/index.md

@@ -9,7 +9,7 @@ keywords:
   - gauge
   - gauge panel
 title: Gauge
-weight: 400
+weight: 100
 ---
 
 # Gauge

docs/sources/panels-visualizations/visualizations/geomap/index.md

@@ -28,7 +28,7 @@ keywords:
   - panel
   - documentation
 title: Geomap
-weight: 600
+weight: 100
 ---
 
 # Geomap

docs/sources/panels-visualizations/visualizations/heatmap/index.md

@@ -9,7 +9,7 @@ keywords:
   - panel
   - documentation
 title: Heatmap
-weight: 600
+weight: 100
 ---
 
 # Heatmap
@@ -74,6 +74,8 @@ This setting configures the axis value.
 
 When selected, the axis appears in reverse order.
 
+{{< docs/shared lookup="visualizations/multiple-y-axes.md" source="grafana" version="<GRAFANA VERSION>" leveloffset="+2" >}}
+
 ## Colors
 
 The color spectrum controls the mapping between value count (in each bucket) and the color assigned to each bucket. The leftmost color on the spectrum represents the minimum count and the color on the right most side represents the maximum count. Some color schemes are automatically inverted when using the light theme.

docs/sources/panels-visualizations/visualizations/histogram/index.md

@@ -11,7 +11,7 @@ keywords:
   - panel
   - barchart
 title: Histogram
-weight: 605
+weight: 100
 ---
 
 # Histogram
@@ -66,9 +66,9 @@ Transparency of the gradient is calculated based on the values on the Y-axis. Th
 
 Gradient color is generated based on the hue of the line color.
 
-{{< docs/shared "visualizations/tooltip-mode.md" >}}
+{{< docs/shared lookup="visualizations/tooltip-mode.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
-{{< docs/shared "visualizations/legend-mode.md" >}}
+{{< docs/shared lookup="visualizations/legend-mode.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
 ### Legend calculations
 

docs/sources/panels-visualizations/visualizations/logs/index.md

@@ -11,7 +11,7 @@ keywords:
   - panels
   - logs panel
 title: Logs panel
-weight: 700
+weight: 100
 ---
 
 # Logs panel

docs/sources/panels-visualizations/visualizations/news/index.md

@@ -9,7 +9,7 @@ keywords:
   - panels
   - news panel
 title: News
-weight: 800
+weight: 100
 ---
 
 ## News

docs/sources/panels-visualizations/visualizations/node-graph/index.md

@@ -10,7 +10,7 @@ keywords:
   - node graph
   - directed graph
 title: Node graph
-weight: 850
+weight: 100
 ---
 
 # Node graph panel

docs/sources/panels-visualizations/visualizations/pie-chart/index.md

@@ -6,7 +6,7 @@ keywords:
   - grafana
   - pie chart
 title: Pie chart
-weight: 850
+weight: 100
 ---
 
 # Pie chart
@@ -72,9 +72,9 @@ The following example shows a pie chart with **Name** and **Percent** labels dis
 
 ![Pie chart labels](/static/img/docs/pie-chart-panel/pie-chart-labels-7-5.png)
 
-{{< docs/shared "visualizations/tooltip-mode.md" >}}
+{{< docs/shared lookup="visualizations/tooltip-mode.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
-{{< docs/shared "visualizations/legend-mode.md" >}}
+{{< docs/shared lookup="visualizations/legend-mode.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
 ### Legend values
 

docs/sources/panels-visualizations/visualizations/stat/index.md

@@ -11,7 +11,7 @@ keywords:
   - docs
   - stat panel
 title: Stat
-weight: 900
+weight: 100
 ---
 
 # Stat

docs/sources/panels-visualizations/visualizations/state-timeline/index.md

@@ -9,7 +9,7 @@ keywords:
   - state timeline
   - panel
 title: State timeline
-weight: 900
+weight: 100
 ---
 
 # State timeline
@@ -62,4 +62,4 @@ The panel can be used with time series data as well. In this case, the threshold
 
 When the legend option is enabled it can show either the value mappings or the threshold brackets. To show the value mappings in the legend, it's important that the `Color scheme` as referenced in [Color scheme]({{< relref "../../configure-standard-options/#color-scheme" >}}) is set to `Single color` or `Classic palette`. To see the threshold brackets in the legend set the `Color scheme` to `From thresholds`.
 
-{{< docs/shared "visualizations/legend-mode.md" >}}
+{{< docs/shared lookup="visualizations/legend-mode.md" source="grafana" version="<GRAFANA VERSION>" >}}

docs/sources/panels-visualizations/visualizations/status-history/index.md

@@ -9,7 +9,7 @@ keywords:
   - status history
   - panel
 title: Status history
-weight: 900
+weight: 100
 ---
 
 # Status history
@@ -59,4 +59,4 @@ use gradient color schemes to color values.
 
 When the legend option is enabled it can show either the value mappings or the threshold brackets. To show the value mappings in the legend, it's important that the `Color scheme` as referenced in [Color scheme]({{< relref "../../configure-standard-options/#color-scheme" >}}) is set to `Single color` or `Classic palette`. To see the threshold brackets in the legend set the `Color scheme` to `From thresholds`.
 
-{{< docs/shared "visualizations/legend-mode.md" >}}
+{{< docs/shared lookup="visualizations/legend-mode.md" source="grafana" version="<GRAFANA VERSION>" >}}

docs/sources/panels-visualizations/visualizations/table/index.md

@@ -18,7 +18,7 @@ keywords:
   - filter columns
 menuTitle: Table
 title: Table
-weight: 1000
+weight: 100
 ---
 
 # Table

docs/sources/panels-visualizations/visualizations/text/index.md

@@ -10,7 +10,7 @@ keywords:
   - documentation
   - panel
 title: Text
-weight: 1100
+weight: 100
 ---
 
 # Text

docs/sources/panels-visualizations/visualizations/time-series/index.md

@@ -25,7 +25,7 @@ keywords:
   - guide
   - graph
 title: Time series
-weight: 90
+weight: 10
 ---
 
 # Time series
@@ -40,13 +40,13 @@ The time series visualization type is the default and primary way to visualize t
 
 Tooltip options control the information overlay that appears when you hover over data points in the graph.
 
-{{< docs/shared "visualizations/tooltip-mode.md" >}}
+{{< docs/shared lookup="visualizations/tooltip-mode.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
 ## Legend options
 
 Legend options control the series names and statistics that appear under or to the right of the graph.
 
-{{< docs/shared "visualizations/legend-mode.md" >}}
+{{< docs/shared lookup="visualizations/legend-mode.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
 ## Graph styles
 
@@ -88,7 +88,7 @@ Gradient mode specifies the gradient fill, which is based on the series color. T
 - **None:** No gradient fill. This is the default setting.
 - **Opacity:** An opacity gradient where the opacity of the fill increases as Y-axis values increase.
 - **Hue:** A subtle gradient that is based on the hue of the series color.
-- **Scheme:** A color gradient defined by your [Color scheme]({{< relref "../../configure-standard-options/#color-scheme" >}}). This setting is used for the fill area and line. For more information about scheme, refer to [Scheme gradient mode]({{< relref "#cheme-gradient-mode"  >}}).
+- **Scheme:** A color gradient defined by your [Color scheme]({{< relref "../../configure-standard-options/#color-scheme" >}}). This setting is used for the fill area and line. For more information about scheme, refer to [Scheme gradient mode]({{< relref "#scheme-gradient-mode"  >}}).
 
 Gradient appearance is influenced by the **Fill opacity** setting. The following image show, the **Fill opacity** is set to 50.
 
@@ -141,7 +141,7 @@ Choose how null values, which are gaps in the data, appear on the graph. Null va
 
 ### Stack series
 
-_Stacking_ allows Grafana to display series on top of each other. Be cautious when using stacking in the visualization as it can easily create misleading graphs. To read more about why stacking might not be the best approach, refer to [Stacked Area Graphs Are Not Your Friend](https://everydayanalytics.ca/2014/08/stacked-area-graphs-are-not-your-friend.html).
+_Stacking_ allows Grafana to display series on top of each other. Be cautious when using stacking in the visualization as it can easily create misleading graphs. To read more about why stacking might not be the best approach, refer to [The issue with stacking](https://www.data-to-viz.com/caveat/stacking.html).
 
 ![Stack option](/static/img/docs/time-series-panel/stack-option-v9.png)
 
@@ -224,6 +224,8 @@ Use this option to transform the series values without affecting the values show
 
 > **Note:** The transform option is only available as an override.
 
+{{< docs/shared lookup="visualizations/multiple-y-axes.md" source="grafana" version="<GRAFANA VERSION>" leveloffset="+2" >}}
+
 ## Color options
 
 By default, the graph uses the standard [Color scheme]({{< relref "../../configure-standard-options/#color-scheme" >}}) option to assign series colors. You can also use the legend to open the color picker by clicking the legend series color icon. Setting

docs/sources/panels-visualizations/visualizations/traces/index.md

@@ -8,7 +8,7 @@ keywords:
   - panels
   - traces
 title: Traces
-weight: 850
+weight: 100
 ---
 
 # Traces panel

docs/sources/setup-grafana/configure-grafana/_index.md

@@ -144,6 +144,8 @@ environment variable `HOSTNAME`, if that is empty or does not exist Grafana will
 
 Force migration will run migrations that might cause data loss. Default is `false`.
 
+Set force_migration=true in your grafana.ini and restart Grafana to roll back and delete Unified Alerting configuration data. Any alert rules created while using Unified Alerting will be deleted by rolling back.
+
 <hr />
 
 ## [paths]
@@ -1103,6 +1105,32 @@ The client ID to use for user-assigned managed identity.
 
 Should be set for user-assigned identity and should be empty for system-assigned identity.
 
+### workload_identity_enabled
+
+Specifies whether Azure AD Workload Identity authentication should be enabled in datasources that support it.
+
+For more documentation on Azure AD Workload Identity, review [Azure AD Workload Identity](https://azure.github.io/azure-workload-identity/docs/) documentation.
+
+Disabled by default, needs to be explicitly enabled.
+
+### workload_identity_tenant_id
+
+Tenant ID of the Azure AD Workload Identity.
+
+Allows to override default tenant ID of the Azure AD identity associated with the Kubernetes service account.
+
+### workload_identity_client_id
+
+Client ID of the Azure AD Workload Identity.
+
+Allows to override default client ID of the Azure AD identity associated with the Kubernetes service account.
+
+### workload_identity_token_file
+
+Custom path to token file for the Azure AD Workload Identity.
+
+Allows to set a custom path to the projected service account token file.
+
 ## [auth.jwt]
 
 Refer to [JWT authentication]({{< relref "../configure-security/configure-authentication/jwt/" >}}) for more information.

docs/sources/setup-grafana/configure-grafana/enterprise-configuration/index.md

@@ -464,7 +464,7 @@ The default is `25`.
 
 ### url
 
-The full Redis URL of your Redis server. For example: `redis://username:password@localhost:6379`. To enable TLS, use the `redis` scheme.
+The full Redis URL of your Redis server. For example: `redis://username:password@localhost:6379`. To enable TLS, use the `rediss` scheme.
 
 The default is `"redis://localhost:6379"`.
 
@@ -475,7 +475,9 @@ If you use the full Redis URLs, then you can specify the scheme, username, and p
 
 > **Note:** If you have specify `cluster`, the value for `url` is ignored.
 
-> **Note:** You can enable TLS for cluster mode using the `redis` scheme in Grafana Enterprise v8.5 and later versions.
+{{% admonition type="note" %}}
+You can enable TLS for cluster mode using the `rediss` scheme in Grafana Enterprise v8.5 and later versions.
+{{% /admonition %}}
 
 ### prefix
 

docs/sources/setup-grafana/configure-security/configure-authentication/generic-oauth/index.md

@@ -14,7 +14,7 @@ weight: 700
 
 # Configure generic OAuth2 authentication
 
-{{< docs/shared "auth/intro.md" >}}
+{{< docs/shared lookup="auth/intro.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
 Grafana provides OAuth2 integrations for the following auth providers:
 

docs/sources/setup-grafana/configure-security/configure-authentication/github/index.md

@@ -14,7 +14,7 @@ weight: 900
 
 # Configure GitHub OAuth2 authentication
 
-{{< docs/shared "auth/intro.md" >}}
+{{< docs/shared lookup="auth/intro.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
 This topic describes how to configure GitHub OAuth2 authentication.
 
@@ -141,7 +141,7 @@ For example, `https://github.com/orgs/grafana/teams/developers` or `@grafana/dev
 
 To learn more about Team Sync, refer to [Configure team sync]({{< relref "../../configure-team-sync" >}}).
 
-## Examples of GitHub configuration in Grafana
+## Example of GitHub configuration in Grafana
 
 This section includes an example of GitHub configuration in the Grafana configuration file.
 

docs/sources/setup-grafana/configure-security/configure-authentication/gitlab/index.md

@@ -7,95 +7,95 @@ keywords:
   - configuration
   - documentation
   - oauth
-title: Configure GitLab OAuth2 authentication
+labels:
+  products:
+    - cloud
+    - enterprise
+    - oss
 menuTitle: GitLab OAuth2
+title: Configure GitLab OAuth2 authentication
 weight: 1000
 ---
 
 # Configure GitLab OAuth2 authentication
 
-To enable GitLab OAuth2 you must register the application in GitLab. GitLab will generate a client ID and secret key for you to use.
+{{< docs/shared lookup="auth/intro.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
-## Create GitLab OAuth keys
+This topic describes how to configure GitLab OAuth2 authentication.
 
-You need to [create a GitLab OAuth application](https://docs.gitlab.com/ce/integration/oauth_provider.html).
-Choose a descriptive _Name_, and use the following _Redirect URI_:
+## Before you begin
 
-```
-https://grafana.example.com/login/gitlab
-```
+To follow this guide:
 
-where `https://grafana.example.com` is the URL you use to connect to Grafana.
-Adjust it as needed if you don't use HTTPS or if you use a different port; for
-instance, if you access Grafana at `http://203.0.113.31:3000`, you should use
+- Ensure that you have access to the [Grafana configuration file]({{< relref "../../../configure-grafana#configuration-file-location" >}}).
+- Ensure you know how to create a GitLab OAuth application. Consult GitLab's documentation on [creating a GitLab OAuth application](https://docs.gitlab.com/ee/integration/oauth_provider.html) for more information.
 
-```
-http://203.0.113.31:3000/login/gitlab
-```
+## Steps
 
-Finally, select `read_api` as the scope and submit the form. Note that if you're
-not going to use GitLab groups for authorization (i.e. not setting
-`allowed_groups`, see below), you can select `read_user` instead of `read_api` as
-the scope, thus giving a more restricted access to your GitLab API.
+To configure GitLab authentication with Grafana, follow these steps:
 
-You'll get an _Application Id_ and a _Secret_ in return; we'll call them
-`GITLAB_APPLICATION_ID` and `GITLAB_SECRET` respectively for the rest of this
-section.
+1. Create an OAuth application in GitLab.
 
-## Enable GitLab in Grafana
+   1. Set the redirect URI to `http://<my_grafana_server_name_or_ip>:<grafana_server_port>/login/gitlab`.
 
-Add the following to your Grafana configuration file to enable GitLab
-authentication:
+      Ensure that the Redirect URI is the complete HTTP address that you use to access Grafana via your browser, but with the appended path of `/login/gitlab`.
 
-```bash
-[auth.gitlab]
-enabled = true
-allow_sign_up = true
-auto_login = false
-client_id = GITLAB_APPLICATION_ID
-client_secret = GITLAB_SECRET
-scopes = read_api
-auth_url = https://gitlab.com/oauth/authorize
-token_url = https://gitlab.com/oauth/token
-api_url = https://gitlab.com/api/v4
-allowed_groups =
-role_attribute_path =
-role_attribute_strict = false
-allow_assign_grafana_admin = false
-tls_skip_verify_insecure = false
-tls_client_cert =
-tls_client_key =
-tls_client_ca =
-use_pkce = true
-```
+      For the Redirect URI to be correct, it might be necessary to set the `root_url` option in the `[server]`section of the Grafana configuration file. For example, if you are serving Grafana behind a proxy.
 
-You may have to set the `root_url` option of `[server]` for the callback URL to be
-correct. For example in case you are serving Grafana behind a proxy.
+   1. Set the OAuth2 scopes to `api`.
 
-Restart the Grafana backend for your changes to take effect.
+1. Refer to the following table to update field values located in the `[auth.gitlab]` section of the Grafana configuration file:
 
-If you use your own instance of GitLab instead of `gitlab.com`, adjust
-`auth_url`, `token_url` and `api_url` accordingly by replacing the `gitlab.com`
-hostname with your own.
+   | Field                        | Description                                                                                  |
+   | ---------------------------- | -------------------------------------------------------------------------------------------- |
+   | `client_id`, `client_secret` | These values must match the client ID and client secret from your GitLab OAuth2 application. |
+   | `enabled`                    | Enables GitLab authentication. Set this value to `true`.                                     |
 
-With `allow_sign_up` set to `false`, only existing users will be able to login
-using their GitLab account, but with `allow_sign_up` set to `true`, _any_ user
-who can authenticate on GitLab will be able to login on your Grafana instance;
-if you use the public `gitlab.com`, it means anyone in the world would be able
-to login on your Grafana instance.
+   Review the list of other GitLab [configuration options]({{< relref "#configuration-options" >}}) and complete them, as necessary.
 
-You can limit access to only members of a given group or list of
-groups by setting the `allowed_groups` option.
+1. Optional: [Configure a refresh token]({{< relref "#configure-a-refresh-token" >}}):
 
-You can also specify the SSL/TLS configuration used by the client.
+   a. Enable `accessTokenExpirationCheck` feature toggle.
 
-- Set `tls_client_cert` to the path of the certificate.
-- Set `tls_client_key` to the path containing the key.
-- Set `tls_client_ca` to the path containing a trusted certificate authority list.
+   b. Set `use_refresh_token` to `true` in `[auth.gitlab]` section in Grafana configuration file.
 
-`tls_skip_verify_insecure` controls whether a client verifies the server's certificate chain and host name. If it is true, then SSL/TLS accepts any certificate presented by the server and any host name in that certificate. _You should only use this for testing_, because this mode leaves SSL/TLS susceptible to man-in-the-middle attacks.
+1. [Configure role mapping]({{< relref "#configure-role-mapping" >}}).
+1. Optional: [Configure team synchronization]({{< relref "#configure-team-synchronization" >}}).
+1. Restart Grafana.
 
-### Configure refresh token
+   You should now see a GitLab login button on the login page and be able to log in or sign up with your GitLab accounts.
+
+## Configuration options
+
+The table below describes all GitLab OAuth configuration options. Like any other Grafana configuration, you can apply these options as environment variables.
+
+| Setting                      | Required | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       | Default                              |
+| ---------------------------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------ |
+| `enabled`                    | Yes      | Whether GitLab OAuth authentication is allowed.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | `false`                              |
+| `client_id`                  | Yes      | Client ID provided by your GitLab OAuth app.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |                                      |
+| `client_secret`              | Yes      | Client secret provided by your GitLab OAuth app.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |                                      |
+| `auth_url`                   | Yes      | Authorization endpoint of your GitLab OAuth provider. If you use your own instance of GitLab instead of gitlab.com, adjust `auth_url` by replacing the `gitlab.com` hostname with your own.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       | `https://gitlab.com/oauth/authorize` |
+| `token_url`                  | Yes      | Endpoint used to obtain GitLab OAuth access token. If you use your own instance of GitLab instead of gitlab.com, adjust `token_url` by replacing the `gitlab.com` hostname with your own.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | `https://gitlab.com/oauth/token`     |
+| `api_url`                    | Yes      | Grafana uses `<api_url>/user` endpoint to obtain GitLab user information compatible with [OpenID UserInfo](https://connect2id.com/products/server/docs/api/userinfo).                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | `https://gitlab.com/api/v4`          |
+| `name`                       | No       | Name used to refer to the GitLab authentication in the Grafana user interface.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | `GitLab`                             |
+| `icon`                       | No       | Icon used for GitLab authentication in the Grafana user interface.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | `gitlab`                             |
+| `scopes`                     | No       | List of comma- or space-separated GitLab OAuth scopes.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | `api`                                |
+| `allow_sign_up`              | No       | Whether to allow new Grafana user creation through GitLab login. If set to `false`, then only existing Grafana users can log in with GitLab OAuth.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | `true`                               |
+| `auto_login`                 | No       | Set to `true` to enable users to bypass the login screen and automatically log in. This setting is ignored if you configure multiple auth providers to use auto-login.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | `false`                              |
+| `role_attribute_path`        | No       | [JMESPath](http://jmespath.org/examples.html) expression to use for Grafana role lookup. Grafana will first evaluate the expression using the GitLab OAuth token. If no role is found, Grafana creates a JSON data with `groups` key that maps to groups obtained from GitLab's `/oauth/userinfo` endpoint, and evaluates the expression using this data. Finally, if a valid role is still not found, the expression is evaluated against the user information retrieved from `api_url/users` endpoint and groups retrieved from `api_url/groups` endpoint. The result of the evaluation should be a valid Grafana role (`Viewer`, `Editor`, `Admin` or `GrafanaAdmin`). For more information on user role mapping, refer to [Configure role mapping]({{< relref "#configure-role-mapping" >}}). |                                      |
+| `role_attribute_strict`      | No       | Set to `true` to deny user login if the Grafana role cannot be extracted using `role_attribute_path`. For more information on user role mapping, refer to [Configure role mapping]({{< relref "#configure-role-mapping" >}}).                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | `false`                              |
+| `allow_assign_grafana_admin` | No       | Set to `true` to enable automatic sync of the Grafana server administrator role. If this option is set to `true` and the result of evaluating `role_attribute_path` for a user is `GrafanaAdmin`, Grafana grants the user the server administrator privileges and organization administrator role. If this option is set to `false` and the result of evaluating `role_attribute_path` for a user is `GrafanaAdmin`, Grafana grants the user only organization administrator role. For more information on user role mapping, refer to [Configure role mapping]({{< relref "#configure-role-mapping" >}}).                                                                                                                                                                                        | `false`                              |
+| `skip_org_role_sync`         | No       | Set to `true` to stop automatically syncing user roles.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | `false`                              |
+| `allowed_domains`            | No       | List of comma- or space-separated domains. User must belong to at least one domain to log in.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |                                      |
+| `allowed_groups`             | No       | List of comma- or space-separated groups. The user should be a member of at least one group to log in.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |                                      |
+| `tls_skip_verify_insecure`   | No       | If set to `true`, the client accepts any certificate presented by the server and any host name in that certificate. _You should only use this for testing_, because this mode leaves SSL/TLS susceptible to man-in-the-middle attacks.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | `false`                              |
+| `tls_client_cert`            | No       | The path to the certificate.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |                                      |
+| `tls_client_key`             | No       | The path to the key.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              |                                      |
+| `tls_client_ca`              | No       | The path to the trusted certificate authority list.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |                                      |
+| `use_pkce`                   | No       | Set to `true` to use [Proof Key for Code Exchange (PKCE)](https://datatracker.ietf.org/doc/html/rfc7636). Grafana uses the SHA256 based `S256` challenge method and a 128 bytes (base64url encoded) code verifier.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | `true`                               |
+| `use_refresh_token`          | No       | Set to `true` to use refresh token and check access token expiration. The `accessTokenExpirationCheck` feature toggle should also be enabled to use refresh token.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | `true`                               |
+
+### Configure a refresh token
 
 > Available in Grafana v9.3 and later versions.
 
@@ -107,170 +107,99 @@ Grafana uses a refresh token to obtain a new access token without requiring the
 
 By default, GitLab provides a refresh token.
 
-### allowed_groups
+Refresh token fetching and access token expiration check is enabled by default for the GitLab provider since Grafana v10.1.0 if the `accessTokenExpirationCheck` feature toggle is enabled. If you would like to disable access token expiration check then set the `use_refresh_token` configuration value to `false`.
+
+> **Note:** The `accessTokenExpirationCheck` feature toggle will be removed in Grafana v10.2.0 and the `use_refresh_token` configuration value will be used instead for configuring refresh token fetching and access token expiration check.
+
+### Configure allowed groups
 
 To limit access to authenticated users that are members of one or more [GitLab
 groups](https://docs.gitlab.com/ce/user/group/index.html), set `allowed_groups`
-to a comma- or space-separated list of groups. For instance, if you want to
-only give access to members of the `example` group, set
+to a comma- or space-separated list of groups.
+
+GitLab's groups are referenced by the group name. For example, `developers`. To reference a subgroup `frontend`, use `developers/frontend`.
+Note that in GitLab, the group or subgroup name does not always match its display name, especially if the display name contains spaces or special characters.
+Make sure you always use the group or subgroup name as it appears in the URL of the group or subgroup.
+
+## Configure role mapping
+
+Unless `skip_org_role_sync` option is enabled, the user's role will be set to the role retrieved from GitLab upon user login.
+
+The user's role is retrieved using a [JMESPath](http://jmespath.org/examples.html) expression from the `role_attribute_path` configuration option.
+To map the server administrator role, use the `allow_assign_grafana_admin` configuration option.
+Refer to [configuration options]({{< relref "#configuration-options" >}}) for more information.
+
+If no valid role is found, the user is assigned the role specified by [the `auto_assign_org_role` option]({{< relref "../../../configure-grafana#auto_assign_org_role" >}}).
+You can disable this default role assignment by setting `role_attribute_strict = true`.
+This setting denies user access if no role or an invalid role is returned.
+
+To ease configuration of a proper JMESPath expression, go to [JMESPath](http://jmespath.org/) to test and evaluate expressions with custom payloads.
+
+### Role mapping examples
+
+This section includes examples of JMESPath expressions used for role mapping.
+
+#### Map roles using user information from OAuth token
+
+In this example, the user with email `admin@company.com` has been granted the `Admin` role.
+All other users are granted the `Viewer` role.
 
 ```ini
-allowed_groups = example
+role_attribute_path = email=='admin@company.com' && 'Admin' || 'Viewer'
 ```
 
-If you want to also give access to members of the subgroup `bar`, which is in
-the group `foo`, set
-
-```ini
-allowed_groups = example, foo/bar
-```
-
-To put values containing spaces in the list, use the following JSON syntax:
-
-```ini
-allowed_groups = ["Admins", "Software Engineers"]
-```
-
-Note that in GitLab, the group or subgroup name doesn't always match its
-display name, especially if the display name contains spaces or special
-characters. Make sure you always use the group or subgroup name as it appears
-in the URL of the group or subgroup.
-
-Here's a complete example with `allow_sign_up` enabled, with access limited to
-the `example` and `foo/bar` groups. The example also promotes all GitLab Admins to Grafana organization admins:
-
-```ini
-[auth.gitlab]
-enabled = true
-allow_sign_up = true
-auto_login = false
-client_id = GITLAB_APPLICATION_ID
-client_secret = GITLAB_SECRET
-scopes = read_api
-auth_url = https://gitlab.com/oauth/authorize
-token_url = https://gitlab.com/oauth/token
-api_url = https://gitlab.com/api/v4
-allowed_groups = example, foo/bar
-role_attribute_path = is_admin && 'Admin' || 'Viewer'
-role_attribute_strict = true
-allow_assign_grafana_admin = false
-tls_skip_verify_insecure = false
-tls_client_cert =
-tls_client_key =
-tls_client_ca =
-use_pkce = true
-```
-
-### PKCE
-
-IETF's [RFC 7636](https://datatracker.ietf.org/doc/html/rfc7636)
-introduces "proof key for code exchange" (PKCE) which provides
-additional protection against some forms of authorization code
-interception attacks. PKCE will be required in [OAuth 2.1](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-03).
-
-> You can disable PKCE in Grafana by setting `use_pkce` to `false` in the`[auth.gitlab]` section.
-
-```
-use_pkce = true
-```
-
-Grafana always uses the SHA256 based `S256` challenge method and a 128 bytes (base64url encoded) code verifier.
-
-### Configure automatic login
-
-Set `auto_login` option to true to attempt login automatically, skipping the login screen.
-This setting is ignored if multiple auth providers are configured to use auto login.
-
-```
-auto_login = true
-```
-
-### Map roles
-
-You can use GitLab OAuth to map roles. During mapping, Grafana checks for the presence of a role using the [JMESPath](http://jmespath.org/examples.html) specified via the `role_attribute_path` configuration option.
-
-For the path lookup, Grafana uses JSON obtained from querying GitLab's API [`/api/v4/user`](https://docs.gitlab.com/ee/api/users.html#list-current-user-for-normal-users) endpoint and a `groups` key containing all of the user's teams. The result of evaluating the `role_attribute_path` JMESPath expression must be a valid Grafana role, for example, `Viewer`, `Editor` or `Admin`. For more information about roles and permissions in Grafana, refer to [Roles and permissions]({{< relref "../../../../administration/roles-and-permissions" >}}).
-
-{{% admonition type="warning" %}}
-Currently if no organization role mapping is found for a user, Grafana doesn't
-update the user's organization role. This is going to change in Grafana 10. To avoid overriding manually set roles,
-enable the `skip_org_role_sync` option.
-See [Configure Grafana]({{< relref "../../../configure-grafana#authgitlab" >}}) for more information.
-{{% /admonition %}}
-
-On first login, if the`role_attribute_path` property does not return a role, then the user is assigned the role
-specified by [the `auto_assign_org_role` option]({{< relref "../../../configure-grafana#auto_assign_org_role" >}}).
-You can disable this default role assignment by setting `role_attribute_strict = true`.
-It denies user access if no role or an invalid role is returned.
-
-{{% admonition type="warning" %}}
-With Grafana 10, **on every login**, if the`role_attribute_path` property does not return a role,
-then the user is assigned the role specified by
-[the `auto_assign_org_role` option]({{< relref "../../../configure-grafana#auto_assign_org_role" >}}).
-{{% /admonition %}}
-
-An example Query could look like the following:
-
-```ini
-role_attribute_path = is_admin && 'Admin' || 'Viewer'
-```
-
-This allows every GitLab Admin to be an Admin in Grafana.
-
 #### Map roles using groups
 
-Groups can also be used to map roles. Group name (lowercased and unique) is used instead of display name for identifying groups
-
-For instance, if you have a group with display name 'Example-Group' you can use the following snippet to
-ensure those members inherit the role 'Editor'.
+In this example, the user from GitLab group 'example-group' have been granted the `Editor` role.
+All other users are granted the `Viewer` role.
 
 ```ini
 role_attribute_path = contains(groups[*], 'example-group') && 'Editor' || 'Viewer'
 ```
 
-Note: If a match is found in other fields, groups will be ignored.
+#### Map server administrator role
 
-#### Map server administrator privileges
+In this example, the user with email `admin@company.com` has been granted the `Admin` organization role as well as the Grafana server admin role.
+All other users are granted the `Viewer` role.
 
-> Available in Grafana v9.2 and later versions.
-
-If the application role received by Grafana is `GrafanaAdmin`, Grafana grants the user server administrator privileges.  
-This is useful if you want to grant server administrator privileges to a subset of users.  
-Grafana also assigns the user the `Admin` role of the default organization.
-
-The setting `allow_assign_grafana_admin` under `[auth.gitlab]` must be set to `true` for this to work.  
-If the setting is set to `false`, the user is assigned the role of `Admin` of the default organization, but not server administrator privileges.
-
-```ini
-allow_assign_grafana_admin = true
+```bash
+role_attribute_path = email=='admin@company.com' && 'GrafanaAdmin' || 'Viewer'
 ```
 
-Example:
+## Configure team synchronization
 
-```ini
-role_attribute_path = is_admin && 'GrafanaAdmin' || 'Viewer'
-```
+> **Note:** Available in [Grafana Enterprise]({{< relref "../../../../introduction/grafana-enterprise" >}}) and [Grafana Cloud](/docs/grafana-cloud/).
 
-### Team Sync (Enterprise only)
+By using Team Sync, you can map GitLab groups to teams within Grafana. This will automatically assign users to the appropriate teams.
+Teams for each user are synchronized when the user logs in.
 
-> Only available in Grafana Enterprise v6.4+
+GitLab groups are referenced by the group name. For example, `developers`. To reference a subgroup `frontend`, use `developers/frontend`.
+Note that in GitLab, the group or subgroup name does not always match its display name, especially if the display name contains spaces or special characters.
+Make sure you always use the group or subgroup name as it appears in the URL of the group or subgroup.
 
-With Team Sync you can map your GitLab groups to teams in Grafana so that your users will automatically be added to
-the correct teams.
+To learn more about Team Sync, refer to [Configure team sync]({{< relref "../../configure-team-sync" >}}).
 
-Your GitLab groups can be referenced in the same way as `allowed_groups`, like `example` or `foo/bar`.
+## Example of GitLab configuration in Grafana
 
-[Learn more about Team Sync]({{< relref "../../configure-team-sync" >}})
+This section includes an example of GitLab configuration in the Grafana configuration file.
 
-## Skip organization role sync
-
-To prevent the sync of organization roles from GitLab, set `skip_org_role_sync` to `true`. This is useful if you want to manage the organization roles for your users from within Grafana.
-This also impacts the `allow_assign_grafana_admin` setting by not syncing the Grafana admin role from GitLab.
-
-```ini
+```bash
 [auth.gitlab]
-# ..
-# prevents the sync of org roles from Github
-skip_org_role_sync = true
-``
+enabled = true
+allow_sign_up = true
+auto_login = false
+client_id = YOUR_GITLAB_APPLICATION_ID
+client_secret = YOUR_GITLAB_APPLICATION_SECRET
+scopes = api
+auth_url = https://gitlab.com/oauth/authorize
+token_url = https://gitlab.com/oauth/token
+api_url = https://gitlab.com/api/v4
+role_attribute_path = contains(groups[*], 'example-group') && 'Editor' || 'Viewer'
+role_attribute_strict = false
+allow_assign_grafana_admin = false
+allowed_groups = ["admins", "software engineers", "developers/frontend"]
+allowed_domains = mycompany.com mycompany.org
+tls_skip_verify_insecure = false
+use_pkce = true
+use_refresh_token = true
 ```

docs/sources/setup-grafana/configure-security/configure-authentication/keycloak/index.md

@@ -126,7 +126,7 @@ To enable Single Logout, you need to add the following option to the configurati
 
 ```ini
 [auth]
-signout_redirect_url = https://<PROVIDER_DOMAIN>/auth/realms/<REALM_NAME>/protocol/openid-connect/logout?redirect_uri=https%3A%2F%2<GRAFANA_DOMAIN>%2Flogin
+signout_redirect_url = https://<PROVIDER_DOMAIN>/auth/realms/<REALM_NAME>/protocol/openid-connect/logout?redirect_uri=https%3A%2F%2F<GRAFANA_DOMAIN>%2Flogin
 ```
 
 As an example, `<PROVIDER_DOMAIN>` can be `keycloak-demo.grafana.org`,

docs/sources/setup-grafana/configure-security/configure-authentication/okta/index.md

@@ -9,7 +9,7 @@ weight: 1400
 
 # Configure Okta OAuth2 authentication
 
-{{< docs/shared "auth/intro.md" >}}
+{{< docs/shared lookup="auth/intro.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
 ## Before you begin
 
@@ -77,7 +77,7 @@ The following table outlines the various Okta OAuth2 configuration options. You
 | `role_attribute_path`   | No       | [JMESPath](http://jmespath.org/examples.html) expression to use for Grafana role lookup. Grafana will first evaluate the expression using the Okta OAuth2 ID token. If no role is found, the expression will be evaluated using the user information obtained from the UserInfo endpoint. The result of the evaluation should be a valid Grafana role (`Viewer`, `Editor`, `Admin` or `GrafanaAdmin`). For more information on user role mapping, refer to [Configure role mapping]({{< relref "#configure-role-mapping" >}}). |                               |
 | `role_attribute_strict` | No       | Set to `true` to deny user login if the Grafana role cannot be extracted using `role_attribute_path`. For more information on user role mapping, refer to [Configure role mapping]({{< relref "#configure-role-mapping" >}}).                                                                                                                                                                                                                                                                                                  | `false`                       |
 | `skip_org_role_sync`    | No       | Set to `true` to stop automatically syncing user roles. This will allow you to set organization roles for your users from within Grafana manually.                                                                                                                                                                                                                                                                                                                                                                             | `false`                       |
-| `allowed_groups`        | No       | List of comma- or space-separated groups. The user should be a member of at least one group to log in. If you configure `allowed_groups`, you must also configure `groups_attribute_path`.                                                                                                                                                                                                                                                                                                                                     |                               |
+| `allowed_groups`        | No       | List of comma- or space-separated groups. The user should be a member of at least one group to log in.                                                                                                                                                                                                                                                                                                                                                                                                                         |                               |
 | `allowed_domains`       | No       | List comma- or space-separated domains. The user should belong to at least one domain to log in.                                                                                                                                                                                                                                                                                                                                                                                                                               |                               |
 | `use_pkce`              | No       | Set to `true` to use [Proof Key for Code Exchange (PKCE)](https://datatracker.ietf.org/doc/html/rfc7636). Grafana uses the SHA256 based `S256` challenge method and a 128 bytes (base64url encoded) code verifier.                                                                                                                                                                                                                                                                                                             | `false`                       |
 | `use_refresh_token`     | No       | Set to `true` to use refresh token and check access token expiration. The `accessTokenExpirationCheck` feature toggle should also be enabled to use refresh token.                                                                                                                                                                                                                                                                                                                                                             | `false`                       |

docs/sources/setup-grafana/configure-security/configure-authentication/saml/index.md

@@ -108,17 +108,9 @@ An example of how to generate a self-signed certificate and private key that's v
 $ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes​
 ```
 
-Base64-encode the cert.pem and key.pem files:
-(-w0 switch is not needed on Mac, only for Linux)
+The generated `key.pem` and `cert.pem` files are then used for certificate and private_key.
 
-```sh
-$ base64 -w0 key.pem > key.pem.base64
-$ base64 -w0 cert.pem > cert.pem.base64
-```
-
-The base64-encoded values (`key.pem.base64, cert.pem.base64` files) are then used for certificate and private_key.
-
-The keys you provide should look like:
+The key you provide should look like:
 
 ```
 -----BEGIN PRIVATE KEY-----

docs/sources/setup-grafana/configure-security/configure-team-sync.md

@@ -26,7 +26,7 @@ This mechanism allows Grafana to remove an existing synchronized user from a tea
 - [Auth Proxy]({{< relref "./configure-authentication/auth-proxy#team-sync-enterprise-only" >}})
 - [Azure AD]({{< relref "./configure-authentication/azuread#team-sync-enterprise-only" >}})
 - [GitHub OAuth]({{< relref "./configure-authentication/github#configure-team-synchronization" >}})
-- [GitLab OAuth]({{< relref "./configure-authentication/gitlab#team-sync-enterprise-only" >}})
+- [GitLab OAuth]({{< relref "./configure-authentication/gitlab#configure-team-synchronization" >}})
 - [LDAP]({{< relref "./configure-authentication/enhanced-ldap#ldap-group-synchronization-for-teams" >}})
 - [Okta]({{< relref "./configure-authentication/okta#configure-team-synchronization-enterprise-only" >}})
 - [SAML]({{< relref "./configure-authentication/saml#configure-team-sync" >}})

docs/sources/setup-grafana/image-rendering/_index.md

@@ -22,7 +22,7 @@ While an image is being rendered, the PNG image is temporarily written to the fi
 
 A background job runs every 10 minutes and removes temporary images. You can configure how long an image should be stored before being removed by configuring the [temp_data_lifetime]({{< relref "../configure-grafana/#temp_data_lifetime" >}}) setting.
 
-You can also render a PNG by clicking hovering over the panel to display the actions menu in the top right corner, and then clicking **Share > Direct link rendered image** in the Link tab.
+You can also render a PNG by hovering over the panel to display the actions menu in the top right corner, and then clicking **Share > Direct link rendered image** in the Link tab.
 
 ## Alerting and render limits
 
@@ -32,7 +32,7 @@ Alert notifications can include images, but rendering many images at the same ti
 
 > **Note:** Starting from Grafana v7.0.0, all PhantomJS support has been removed. Please use the Grafana Image Renderer plugin or remote rendering service.
 
-To install the plugin, refer to the [Grafana Image Renderer Installation instructions](https://grafana.com/grafana/plugins/grafana-image-renderer#installation).
+To install the plugin, refer to the [Grafana Image Renderer Installation instructions](/grafana/plugins/grafana-image-renderer/?tab=installation#installation).
 
 ## Configuration
 
@@ -80,7 +80,7 @@ AUTH_TOKEN=-
 }
 ```
 
-See the [Grafana configuration]({{< relref "../configure-grafana/#renderer_token" >}}) for how to configure the token in Grafana.
+See [Grafana configuration]({{< relref "../configure-grafana#renderer_token" >}}) for how to configure the token in Grafana.
 
 ### Rendering mode
 
@@ -320,7 +320,7 @@ CHROME_BIN="/usr/bin/chromium-browser"
 
 #### Start browser with additional arguments
 
-Additional arguments to pass to the headless browser instance. Defaults are `--no-sandbox,--disable-gpu`. The list of Chromium flags can be found [here](https://peter.sh/experiments/chromium-command-line-switches/) and the list of flags used as defaults by Puppeteer can be found [there](https://github.com/puppeteer/puppeteer/blob/main/src/node/Launcher.ts#L172). Multiple arguments is separated with comma-character.
+Additional arguments to pass to the headless browser instance. Defaults are `--no-sandbox,--disable-gpu`. The list of Chromium flags can be found [here](https://peter.sh/experiments/chromium-command-line-switches/) and the list of flags used as defaults by Puppeteer can be found [there](https://cri.dev/posts/2020-04-04-Full-list-of-Chromium-Puppeteer-flags/). Multiple arguments is separated with comma-character.
 
 ```bash
 RENDERING_ARGS=--no-sandbox,--disable-setuid-sandbox,--disable-dev-shm-usage,--disable-accelerated-2d-canvas,--disable-gpu,--window-size=1280x758

docs/sources/setup-grafana/installation/kubernetes/index.md

@@ -9,114 +9,645 @@ weight: 500
 
 # Deploy Grafana on Kubernetes
 
-This page explains how to install and run Grafana on Kubernetes (K8S). It uses Kubernetes manifests for the setup. If you prefer Helm, refer to the [Grafana Helm community charts](https://github.com/grafana/helm-charts).
+On this page, you will find instructions for installing and running Grafana on Kubernetes using Kubernetes manifests for the setup. If Helm is your preferred option, refer to [Grafana Helm community charts](https://github.com/grafana/helm-charts).
+
+## Before you begin
+
+To follow this guide:
+
+- You need the latest version of [Kubernetes](https://kubernetes.io/) running either locally or remotely on a public or private cloud.
+
+- If you plan to use it in a local environment, you can use various Kubernetes options such as [minikube](https://minikube.sigs.k8s.io/docs/), [kind](https://kind.sigs.k8s.io/), [Docker Desktop](https://docs.docker.com/desktop/kubernetes/), and others.
+
+- If you plan to use Kubernetes in a production setting, it's recommended to utilize managed cloud services like [Google Kubernetes Engine (GKE)](https://cloud.google.com/kubernetes-engine), [Amazon Elastic Kubernetes Service (EKS)](https://aws.amazon.com/eks/), or [Azure Kubernetes Service (AKS)](https://azure.microsoft.com/en-us/products/kubernetes-service/).
+
+## System requirements
+
+This section provides minimum hardware and software requirements.
+
+### Minimum Hardware Requirements
+
+- Disk space: 1 GB
+- Memory: 750 MiB (approx 750 MB)
+- CPU: 2500m (approx 2.5 cores)
+
+### Supported databases
+
+For a list of supported databases, refer to [supported databases](/docs/grafana/latest/setup-grafana/installation#supported-databases).
+
+### Supported web browsers
+
+For a list of support web browsers, refer to [supported web browsers](/docs/grafana/latest/setup-grafana/installation#supported-web-browsers).
+
+{{% admonition type="note" %}}
+Enable port `3000` in your network environment, as this is the Grafana default port.
+{{% /admonition %}}
 
 ## Deploy Grafana OSS on Kubernetes
 
-This section explains how to install Grafana using Kubernetes.
-If you are interested in the Grafana Enterprise version of this information, see [Deploy Grafana Enterprise on Kubernetes](#deploy-grafana-enterprise-on-kubernetes).
+This section explains how to install Grafana OSS using Kubernetes. If you want to install Grafana Enterprise on Kubernetes, refer to [Deploy Grafana Enterprise on Kubernetes](#deploy-grafana-enterprise-on-kubernetes).
 
-### Create a Grafana Kubernetes manifest
+If you deploy an application in Kubernetes, it will use the default namespace which may already have other applications running. This can result in conflicts and other issues.
 
-1. Create a file called `grafana.yaml`.
-1. Copy and paste the following contents and save the file.
+It is recommended to create a new namespace in Kubernetes to better manage, organize, allocate, and manage cluster resources. For more information about Namespaces, refer to the official [Kubernetes documentation](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/).
 
-```yaml
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: grafana-pvc
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 1Gi
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: grafana
-  name: grafana
-spec:
-  selector:
-    matchLabels:
-      app: grafana
-  template:
-    metadata:
-      labels:
-        app: grafana
-    spec:
-      securityContext:
-        fsGroup: 472
-        supplementalGroups:
-          - 0
-      containers:
-        - name: grafana
-          image: grafana/grafana:9.1.0
-          imagePullPolicy: IfNotPresent
-          ports:
-            - containerPort: 3000
-              name: http-grafana
-              protocol: TCP
-          readinessProbe:
-            failureThreshold: 3
-            httpGet:
-              path: /robots.txt
-              port: 3000
-              scheme: HTTP
-            initialDelaySeconds: 10
-            periodSeconds: 30
-            successThreshold: 1
-            timeoutSeconds: 2
-          livenessProbe:
-            failureThreshold: 3
-            initialDelaySeconds: 30
-            periodSeconds: 10
-            successThreshold: 1
-            tcpSocket:
-              port: 3000
-            timeoutSeconds: 1
-          resources:
-            requests:
-              cpu: 250m
-              memory: 750Mi
-          volumeMounts:
-            - mountPath: /var/lib/grafana
-              name: grafana-pv
-      volumes:
-        - name: grafana-pv
-          persistentVolumeClaim:
-            claimName: grafana-pvc
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: grafana
-spec:
-  ports:
-    - port: 3000
-      protocol: TCP
-      targetPort: http-grafana
-  selector:
-    app: grafana
-  sessionAffinity: None
-  type: LoadBalancer
+1. To create a namespace, run the following command:
+
+   ```bash
+   kubectl create namespace my-grafana
+   ```
+
+   In this example, the namespace is `my-grafana`
+
+1. To verify and view the newly created namespace, run the following command:
+
+   ```bash
+   kubectl get namespace my-grafana
+   ```
+
+   The output of the command provides more information about the newly created namespace.
+
+1. Create a YAML manifest file named `grafana.yaml`. This file will contain the necessary code for deployment.
+
+   ```bash
+   touch grafana.yaml
+   ```
+
+   In the next step you define the following three objects in the YAML file.
+
+   | Object                        | Description                                                                                                                   |
+   | ----------------------------- | ----------------------------------------------------------------------------------------------------------------------------- |
+   | Persistent Volume Claim (PVC) | This object stores the data.                                                                                                  |
+   | Service                       | This object provides network access to the Pod defined in the deployment.                                                     |
+   | Deployment                    | This object is responsible for creating the pods, ensuring they stay up to date, and managing Replicaset and Rolling updates. |
+
+1. Copy and paste the following contents and save it in the `grafana.yaml` file.
+
+   ```yaml
+   ---
+   apiVersion: v1
+   kind: PersistentVolumeClaim
+   metadata:
+     name: grafana-pvc
+   spec:
+     accessModes:
+       - ReadWriteOnce
+     resources:
+       requests:
+         storage: 1Gi
+   ---
+   apiVersion: apps/v1
+   kind: Deployment
+   metadata:
+     labels:
+       app: grafana
+     name: grafana
+   spec:
+     selector:
+       matchLabels:
+         app: grafana
+     template:
+       metadata:
+         labels:
+           app: grafana
+       spec:
+         securityContext:
+           fsGroup: 472
+           supplementalGroups:
+             - 0
+         containers:
+           - name: grafana
+             image: grafana/grafana:latest
+             imagePullPolicy: IfNotPresent
+             ports:
+               - containerPort: 3000
+                 name: http-grafana
+                 protocol: TCP
+             readinessProbe:
+               failureThreshold: 3
+               httpGet:
+                 path: /robots.txt
+                 port: 3000
+                 scheme: HTTP
+               initialDelaySeconds: 10
+               periodSeconds: 30
+               successThreshold: 1
+               timeoutSeconds: 2
+             livenessProbe:
+               failureThreshold: 3
+               initialDelaySeconds: 30
+               periodSeconds: 10
+               successThreshold: 1
+               tcpSocket:
+                 port: 3000
+               timeoutSeconds: 1
+             resources:
+               requests:
+                 cpu: 250m
+                 memory: 750Mi
+             volumeMounts:
+               - mountPath: /var/lib/grafana
+                 name: grafana-pv
+         volumes:
+           - name: grafana-pv
+             persistentVolumeClaim:
+               claimName: grafana-pvc
+   ---
+   apiVersion: v1
+   kind: Service
+   metadata:
+     name: grafana
+   spec:
+     ports:
+       - port: 3000
+         protocol: TCP
+         targetPort: http-grafana
+     selector:
+       app: grafana
+     sessionAffinity: None
+     type: LoadBalancer
+   ```
+
+1. Run the following command to send the manifest to the Kubernetes API server:
+
+   ```bash
+   kubectl apply -f grafana.yaml --namespace=my-grafana
+   ```
+
+   This command creates the PVC, Deployment, and Service objects.
+
+1. Complete the following steps to verify the deployment status of each object.
+
+   a. For PVC, run the following command:
+
+   ```bash
+   kubectl get pvc --namespace=my-grafana -o wide
+   ```
+
+   b. For Deployment, run the following command:
+
+   ```bash
+   kubectl get deployments --namespace=my-grafana -o wide
+   ```
+
+   c. For Service, run the following command:
+
+   ```bash
+   kubectl get svc --namespace=my-grafana -o wide
+   ```
+
+## Access Grafana on Managed K8s Providers
+
+In this task, you access Grafana deployed on a Managed Kubernetes provider using a web browser. Accessing Grafana via a web browser is straightforward if it is deployed on a Managed Kubernetes Provider as it uses the cloud provider’s **LoadBalancer** to which the external load balancer routes are automatically created.
+
+1. Run the following command to obtain the deployment information:
+
+   ```bash
+   kubectl get all --namespace=my-grafana
+   ```
+
+   The output returned should look similar to the following:
+
+   ```bash
+   NAME                           READY   STATUS    RESTARTS   AGE
+   pod/grafana-69946c9bd6-kwjb6   1/1     Running   0          7m27s
+
+   NAME              TYPE           CLUSTER-IP     EXTERNAL-IP      PORT(S)          AGE
+   service/grafana   LoadBalancer   10.5.243.226   1.120.130.330   3000:31171/TCP   7m27s
+
+   NAME                      READY   UP-TO-DATE   AVAILABLE   AGE
+   deployment.apps/grafana   1/1     1            1           7m29s
+
+   NAME                                 DESIRED   CURRENT   READY   AGE
+   replicaset.apps/grafana-69946c9bd6   1         1         1       7m30s
+   ```
+
+1. Identify the **EXTERNAL-IP** value in the output and type it into your browser.
+
+   The Grafana sign-in page appears.
+
+1. To sign in, enter `admin` for both the username and password.
+
+1. If you do not see the EXTERNAL-IP, complete the following steps:
+
+   a. Run the following command to do a port-forwarding of the Grafana service on port `3000`.
+
+   ```bash
+   kubectl port-forward service/grafana 3000:3000 --namespace=my-grafana
+   ```
+
+   For more information about port-forwarding, refer to [Use Port Forwarding to Access Applications in a Cluster](https://kubernetes.io/docs/tasks/access-application-cluster/port-forward-access-application-cluster/).
+
+   b. Navigate to `localhost:3000` in your browser.
+
+   The Grafana sign-in page appears.
+
+   c. To sign in, enter `admin` for both the username and password.
+
+## Access Grafana using minikube
+
+There are multiple ways to access the Grafana UI on a web browser when using minikube. For more information about minikube, refer to [How to access applications running within minikube](https://minikube.sigs.k8s.io/docs/handbook/accessing/).
+
+This section lists the two most common options for accessing an application running in minikube.
+
+### Option 1: Expose the service
+
+This option uses the `type: LoadBalancer` in the `grafana.yaml` service manifest, which makes the service accessible through the `minikube service` command. For more information, refer to [minikube Service command usage](https://minikube.sigs.k8s.io/docs/commands/service/).
+
+1. Run the following command to obtain the Grafana service IP:
+
+   ```bash
+   minikube service grafana --namespace=my-grafana
+   ```
+
+   The output returns the Kubernetes URL for service in your local cluster.
+
+   ```bash
+   |------------|---------|-------------|------------------------------|
+   | NAMESPACE  |  NAME   | TARGET PORT |             URL              |
+   |------------|---------|-------------|------------------------------|
+   | my-grafana | grafana |        3000 | http://192.168.122.144:32182 |
+   |------------|---------|-------------|------------------------------|
+   Opening service my-grafana/grafana in default browser...
+   http://192.168.122.144:32182
+   ```
+
+1. Run a `curl` command to verify whether a given connection should work in a browser under ideal circumstances.
+
+   ```bash
+   curl 192.168.122.144:32182
+   ```
+
+   The following example output shows that an endpoint has been located:
+
+   `<a href="/login">Found</a>.`
+
+1. Access the Grafana UI in the browser using the provided IP:Port from the command above. For example `192.168.122.144:32182`
+
+   The Grafana sign-in page appears.
+
+1. To sign in to Grafana, enter `admin` for both the username and password.
+
+### Option 2: Use port forwarding
+
+If Option 1 does not work in your minikube environment (this mostly depends on the network), then as an alternative you can use the port forwarding option for the Grafana service on port `3000`.
+
+For more information about port forwarding, refer to [Use Port Forwarding to Access Applications in a Cluster](https://kubernetes.io/docs/tasks/access-application-cluster/port-forward-access-application-cluster/).
+
+1. To find the minikube IP address, run the following command:
+
+   ```bash
+   minikube ip
+   ```
+
+   The output contains the IP address that you use to access the Grafana Pod during port forwarding.
+
+   A Pod is the smallest deployment unit in Kubernetes and is the core building block for running applications in a Kubernetes cluster. For more information about Pods, refer to [Pods](https://kubernetes.io/docs/concepts/workloads/pods/).
+
+1. To obtain the Grafana Pod information, run the following command:
+
+   ```bash
+   kubectl get pods --namespace=my-grafana
+   ```
+
+   The output should look similar to the following:
+
+   ```bash
+   NAME                       READY   STATUS    RESTARTS   AGE
+   grafana-58445b6986-dxrrw   1/1     Running   0          9m54s
+   ```
+
+   The output shows the Grafana POD name in the `NAME` column, that you use for port forwarding.
+
+1. Run the following command for enabling the port forwarding on the POD:
+
+   ```bash
+   kubectl port-forward pod/grafana-58445b6986-dxrrw --namespace=my-grafana --address 0.0.0.0 3000:3000
+   ```
+
+1. To access the Grafana UI on the web browser, type the minikube IP along with the forwarded port. For example `192.168.122.144:3000`
+
+   The Grafana sign-in page appears.
+
+1. To sign in to Grafana, enter `admin` for both the username and password.
+
+## Update an existing deployment using a rolling update strategy
+
+Rolling updates enable deployment updates to take place with no downtime by incrementally updating Pods instances with new ones. The new Pods will be scheduled on nodes with available resources. For more information about rolling updates, refer to [Performing a Rolling Update](https://kubernetes.io/docs/tutorials/kubernetes-basics/update/update-intro/).
+
+The following steps use the `kubectl annotate` command to add the metadata and keep track of the deployment. For more information about `kubectl annotate`, refer to [kubectl annotate documentation](https://jamesdefabia.github.io/docs/user-guide/kubectl/kubectl_annotate/).
+
+{{% admonition type="note" %}}
+Instead of using the `annotate` flag, you can still use the `--record` flag. However, it has been deprecated and will be removed in the future version of Kubernetes. See: https://github.com/kubernetes/kubernetes/issues/40422
+{{% /admonition %}}
+
+1. To view the current status of the rollout, run the following command:
+
+   ```bash
+   kubectl rollout history deployment/grafana --namespace=my-grafana
+   ```
+
+   The output will look similar to this:
+
+   ```bash
+   deployment.apps/grafana
+   REVISION  CHANGE-CAUSE
+   1         NONE
+   ```
+
+   The output shows that nothing has been updated or changed after applying the `grafana.yaml` file.
+
+1. To add metadata to keep record of the initial deployment, run the following command:
+
+   ```bash
+   kubectl annotate deployment/grafana kubernetes.io/change-cause='deployed the default base yaml file' --namespace=my-grafana
+   ```
+
+1. To review the rollout history and verify the changes, run the following command:
+
+   ```bash
+   kubectl rollout history deployment/grafana --namespace=my-grafana
+   ```
+
+   You should see the updated information that you added in the `CHANGE-CAUSE` earlier.
+
+### Change Grafana image version
+
+1. To change the deployed Grafana version, run the following `kubectl edit` command:
+
+   ```bash
+   kubectl edit deployment grafana --namespace=my-grafana
+   ```
+
+1. In the editor, change the container image under the `kind: Deployment` section.
+
+   For example:
+
+   - From
+
+     - `yaml image: grafana/grafana-oss:10.0.1`
+
+   - To
+     - `yaml image: grafana/grafana-oss-dev:10.1.0-124419pre`
+
+1. Save the changes.
+
+   Once you save the file, you receive a message similar to the following:
+
+   ```bash
+   deployment.apps/grafana edited
+   ```
+
+   This means that the changes have been applied.
+
+1. To verify that the rollout on the cluster is successful, run the following command:
+
+   ```bash
+   kubectl rollout status deployment grafana --namespace=my-grafana
+   ```
+
+   A successful deployment rollout means that the Grafana Dev cluster is now available.
+
+1. To check the statuses of all deployed objects, run the following command and include the `-o wide` flag to get more detailed output:
+
+   ```bash
+   kubectl get all --namespace=my-grafana -o wide
+   ```
+
+   You should see the newly deployed `grafana-oss-dev` image.
+
+1. To verify it, access the Grafana UI in the browser using the provided IP:Port from the command above.
+
+   The Grafana sign-in page appears.
+
+1. To sign in to Grafana, enter `admin` for both the username and password.
+1. In the top-right corner, click the help icon.
+
+   The version information appears.
+
+1. Add the `change cause` metadata to keep track of things using the commands:
+
+   ```bash
+   kubectl annotate deployment grafana --namespace=my-grafana kubernetes.io/change-cause='using grafana-oss-dev:10.1.0-124419pre for testing'
+   ```
+
+1. To verify, run the `kubectl rollout history` command:
+
+   ```bash
+   kubectl rollout history deployment grafana --namespace=my-grafana
+   ```
+
+   You will see an output similar to this:
+
+   ```bash
+   deployment.apps/grafana
+   REVISION  CHANGE-CAUSE
+   1         deploying the default yaml
+   2         using grafana-oss-dev:10.1.0-124419pre for testing
+   ```
+
+This means that `REVISION#2` is the current version.
+
+{{% admonition type="note" %}}
+The last line of the `kubectl rollout history deployment` command output is the one which is currently active and running on your Kubernetes environment.
+{{% /admonition %}}
+
+### Roll back a deployment
+
+When the Grafana deployment becomes unstable due to crash looping, bugs, and so on, you can roll back a deployment to an earlier version (a `REVISION`).
+
+By default, Kubernetes deployment rollout history remains in the system so that you can roll back at any time. For more information, refer to [Rolling Back to a Previous Revision](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-back-to-a-previous-revision).
+
+1. To list all possible `REVISION` values, run the following command:
+
+   ```bash
+   kubectl rollout history deployment grafana --namespace=my-grafana
+   ```
+
+1. To roll back to a previous version, run the `kubectl rollout undo` command and provide a revision number.
+
+   Example: To roll back to a previous version, specify the `REVISION` number, which appears after you run the `kubectl rollout history deployment` command, in the `--to-revision` parameter.
+
+   ```bash
+   kubectl rollout undo deployment grafana --to-revision=1 --namespace=my-grafana
+   ```
+
+1. To verify that the rollback on the cluster is successful, run the following command:
+
+   ```bash
+   kubectl rollout status deployment grafana --namespace=my-grafana
+   ```
+
+1. Access the Grafana UI in the browser using the provided IP:Port from the command above.
+
+   The Grafana sign-in page appears.
+
+1. To sign in to Grafana, enter `admin` for both the username and password.
+1. In the top-right corner, click the help icon to display the version number.
+
+1. To see the new rollout history, run the following command:
+
+   ```bash
+   kubectl rollout history deployment grafana --namespace=my-grafana
+   ```
+
+If you need to go back to any other `REVISION`, just repeat the steps above and use the correct revision number in the `--to-revision` parameter.
+
+## Troubleshooting
+
+This section includes troubleshooting tips you might find helpful when deploying Grafana on Kubernetes.
+
+### Collecting logs
+
+It is important to view the Grafana server logs while troubleshooting any issues.
+
+1. To check the Grafana logs, run the following command:
+
+   ```bash
+   # dump Pod logs for a Deployment (single-container case)
+   kubectl logs --namespace=my-grafana deploy/grafana
+   ```
+
+1. If you have multiple containers running in the deployment, run the following command to obtain the logs only for the Grafana deployment:
+
+   ```bash
+   # dump Pod logs for a Deployment (multi-container case)
+   kubectl logs --namespace=my-grafana deploy/grafana -c grafana
+   ```
+
+For more information about accessing Kubernetes application logs, refer to [Pods](https://kubernetes.io/docs/reference/kubectl/cheatsheet/#interacting-with-running-pods) and [Deployments](https://kubernetes.io/docs/reference/kubectl/cheatsheet/#interacting-with-deployments-and-services).
+
+### Increasing log levels to debug mode
+
+By default, the Grafana log level is set to `info`, but you can increase it to `debug` mode to fetch information needed to diagnose and troubleshoot a problem. For more information about Grafana log levels, refer to [Configuring logs](/docs/grafana/latest/setup-grafana/configure-grafana#log).
+
+The following example uses the Kubernetes ConfigMap which is an API object that stores non-confidential data in key-value pairs. For more information, refer to [Kubernetes ConfigMap Concept](https://kubernetes.io/docs/concepts/configuration/configmap/).
+
+1. Create a empty file and name it `grafana.ini` and add the following:
+
+   ```bash
+   [log]
+   ; # Either "debug", "info", "warn", "error", "critical", default is "info"
+   ; # we change from info to debug level
+   level = debug
+   ```
+
+   This example adds the portion of the log section from the configuration file. You can refer to the [Configure Grafana](/docs/grafana/latest/setup-grafana/configure-grafana/) documentation to view all the default configuration settings.
+
+1. To add the configuration file into the Kubernetes cluster via the ConfigMap object, run the following command:
+
+   ```bash
+   kubectl create configmap ge-config --from-file=/path/to/file/grafana.ini --namespace=my-grafana
+   ```
+
+1. To verify the ConfigMap object creation, run the following command:
+
+   ```bash
+   kubectl get configmap --namespace=my-grafana
+   ```
+
+1. Open the `grafana.yaml` file and In the Deployment section, provide the mount path to the custom configuration (`/etc/grafana`) and reference the newly created ConfigMap for it.
+
+   ```bash
+   ---
+   apiVersion: apps/v1
+   kind: Deployment
+   metadata:
+     labels:
+       app: grafana
+     name: grafana
+   # the rest of the code remains the same.
+   ...
+   ....
+   ...
+               requests:
+               cpu: 250m
+               memory: 750Mi
+           volumeMounts:
+             - mountPath: /var/lib/grafana
+               name: grafana-pv
+              # This is to mount the volume for the custom configuration
+             - mountPath: /etc/grafana
+               name: ge-config
+       volumes:
+         - name: grafana-pv
+           persistentVolumeClaim:
+             claimName: grafana-pvc
+          # This is to provide the reference to the ConfigMap for the volume
+         - name: ge-config
+           configMap:
+             name: ge-config
+   ```
+
+1. Deploy the manifest using the following kubectl apply command:
+
+   ```bash
+   kubectl apply -f grafana.yaml --namespace=my-grafana
+   ```
+
+1. To verify the status, run the following commands:
+
+   ```bash
+   # first check the rollout status
+   kubectl rollout status deployment grafana --namespace=my-grafana
+
+   # then check the deployment and configMap information
+   kubectl get all --namespace=my-grafana
+   ```
+
+1. To verify it, access the Grafana UI in the browser using the provided IP:Port
+
+   The Grafana sign-in page appears.
+
+1. To sign in to Grafana, enter `admin` for both the username and password.
+
+1. Navigate to **Server Admin > Settings** and then search for log.
+
+   You should see the level to debug mode.
+
+### Using the --dry-run command
+
+You can use the Kubernetes `--dry-run` command to send requests to modifying endpoints and determine if the request would have succeeded.
+
+Performing a dry run can be useful for catching errors or unintended consequences before they occur. For more information, refer to [Kubernetes Dry-run](https://github.com/kubernetes/enhancements/blob/master/keps/sig-api-machinery/576-dry-run/README.md).
+
+Example:
+
+The following example shows how to perform a dry run when you make changes to the `grafana.yaml` such as using a new image version, or adding new labels and you want to determine if there are syntax errors or conflicts.
+
+To perform a dry run, run the following command:
+
+```bash
+kubectl apply -f grafana.yaml --dry-run=server --namespace=grafana
 ```
 
-### Send the manifest to the Kubernetes API server
+If there are no errors, then the output will look similar to this:
 
-1. Run the following command:
-   `kubectl apply -f grafana.yaml`
+```bash
+persistentvolumeclaim/grafana-pvc unchanged (server dry run)
+deployment.apps/grafana unchanged (server dry run)
+service/grafana unchanged (server dry run)
+```
 
-1. Check that it worked by running the following:
-   `kubectl port-forward service/grafana 3000:3000`
+If there are errors or warnings, you will see them in the terminal.
 
-1. Navigate to `localhost:3000` in your browser. You should see a Grafana login page.
+## Remove Grafana
 
-1. Use `admin` for both the username and password to login.
+If you want to remove any of the Grafana deployment objects, use the `kubectl delete command`.
+
+1. If you want to remove the complete Grafana deployment, run the following command:
+
+   ```bash
+   kubectl delete -f grafana.yaml --namespace=my-grafana
+   ```
+
+   This command deletes the deployment, persistentvolumeclaim, and service objects.
+
+1. To delete the ConfigMap, run the following command:
+
+   ```bash
+   kubectl delete configmap ge-config --namespace=my-grafana
+   ```
 
 ## Deploy Grafana Enterprise on Kubernetes
 
@@ -139,17 +670,18 @@ kubectl create secret generic ge-license --from-file=/path/to/your/license.jwt
 
 ### Create Grafana Enterprise configuration
 
-Create a Grafana configuration file with the name `grafana.ini`. Then paste the content below.
+1. Create a Grafana configuration file with the name `grafana.ini`
 
-> **Note:** You will have to update the `root_url` field to the url associated with the license you were given.
+1. Paste the following YAML contents into the file you created:
 
-```yaml
-[enterprise]
-license_path = /etc/grafana/license/license.jwt
-[server]
-root_url =/your/license/root/url
+   ```yaml
+   [enterprise]
+   license_path = /etc/grafana/license/license.jwt
+   [server]
+   root_url =/your/license/root/url
+   ```
 
-```
+1. Update the `root_url` field to the url associated with the license provided to you.
 
 ### Create Configmap for Grafana Enterprise configuration
 
@@ -161,107 +693,112 @@ kubectl create configmap ge-config --from-file=/path/to/your/grafana.ini
 
 ### Create Grafana Enterprise Kubernetes manifest
 
-Create a `grafana.yaml` file, and copy-and-paste the following content into it.
-The YAML that follows is identical to the one for a Grafana installation, except for the additional references to the Configmap that contains your Grafana configuration file and the secret that has your license.
+1. Create a `grafana.yaml` file, and copy-and-paste the following content into it.
 
-```yaml
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: grafana-pvc
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 1Gi
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: grafana
-  name: grafana
-spec:
-  selector:
-    matchLabels:
-      app: grafana
-  template:
-    metadata:
-      labels:
-        app: grafana
-    spec:
-      securityContext:
-        fsGroup: 472
-        supplementalGroups:
-          - 0
-      containers:
-        - image: grafana/grafana-enterprise:latest
-          imagePullPolicy: IfNotPresent
-          name: grafana
-          ports:
-            - containerPort: 3000
-              name: http-grafana
-              protocol: TCP
-          readinessProbe:
-            failureThreshold: 3
-            httpGet:
-              path: /robots.txt
-              port: 3000
-              scheme: HTTP
-            initialDelaySeconds: 10
-            periodSeconds: 30
-            successThreshold: 1
-            timeoutSeconds: 2
-          resources:
-            limits:
-              memory: 4Gi
-            requests:
-              cpu: 100m
-              memory: 2Gi
-          volumeMounts:
-            - mountPath: /var/lib/grafana
-              name: grafana-pv
-            - mountPath: /etc/grafana
-              name: ge-config
-            - mountPath: /etc/grafana/license
-              name: ge-license
-      volumes:
-        - name: grafana-pv
-          persistentVolumeClaim:
-            claimName: grafana-pvc
-        - name: ge-config
-          configMap:
-            name: ge-config
-        - name: ge-license
-          secret:
-            secretName: ge-license
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: grafana
-spec:
-  ports:
-    - port: 3000
-      protocol: TCP
-      targetPort: http-grafana
-  selector:
-    app: grafana
-  sessionAffinity: None
-  type: LoadBalancer
-```
+   The following YAML is identical to the one for a Grafana installation, except for the additional references to the Configmap that contains your Grafana configuration file and the secret that has your license.
 
-> **Caution:** If you use `LoadBalancer` in the Service and depending on your cloud platform and network configuration, doing so might expose your Grafana instance to the Internet. To eliminate this risk, use `ClusterIP` to restrict access from within the cluster Grafana is deployed to.
+   ```yaml
+   ---
+   apiVersion: v1
+   kind: PersistentVolumeClaim
+   metadata:
+     name: grafana-pvc
+   spec:
+     accessModes:
+       - ReadWriteOnce
+     resources:
+       requests:
+         storage: 1Gi
+   ---
+   apiVersion: apps/v1
+   kind: Deployment
+   metadata:
+     labels:
+       app: grafana
+     name: grafana
+   spec:
+     selector:
+       matchLabels:
+         app: grafana
+     template:
+       metadata:
+         labels:
+           app: grafana
+       spec:
+         securityContext:
+           fsGroup: 472
+           supplementalGroups:
+             - 0
+         containers:
+           - image: grafana/grafana-enterprise:latest
+             imagePullPolicy: IfNotPresent
+             name: grafana
+             ports:
+               - containerPort: 3000
+                 name: http-grafana
+                 protocol: TCP
+             readinessProbe:
+               failureThreshold: 3
+               httpGet:
+                 path: /robots.txt
+                 port: 3000
+                 scheme: HTTP
+               initialDelaySeconds: 10
+               periodSeconds: 30
+               successThreshold: 1
+               timeoutSeconds: 2
+             resources:
+               limits:
+                 memory: 4Gi
+               requests:
+                 cpu: 100m
+                 memory: 2Gi
+             volumeMounts:
+               - mountPath: /var/lib/grafana
+                 name: grafana-pv
+               - mountPath: /etc/grafana
+                 name: ge-config
+               - mountPath: /etc/grafana/license
+                 name: ge-license
+         volumes:
+           - name: grafana-pv
+             persistentVolumeClaim:
+               claimName: grafana-pvc
+           - name: ge-config
+             configMap:
+               name: ge-config
+           - name: ge-license
+             secret:
+               secretName: ge-license
+   ---
+   apiVersion: v1
+   kind: Service
+   metadata:
+     name: grafana
+   spec:
+     ports:
+       - port: 3000
+         protocol: TCP
+         targetPort: http-grafana
+     selector:
+       app: grafana
+     sessionAffinity: None
+     type: LoadBalancer
+   ```
 
-1. Send manifest to Kubernetes API Server
+   {{% admonition type="caution" %}}
+   If you use `LoadBalancer` in the Service and depending on your cloud platform and network configuration, doing so might expose your Grafana instance to the Internet. To eliminate this risk, use `ClusterIP` to restrict access from within the cluster Grafana is deployed to.
+   {{% /admonition %}}
+
+1. To send the manifest to Kubernetes API Server, run the following command:
    `kubectl apply -f grafana.yaml`
 
-1. Check that it worked by running the following:
+1. To verify the manifest was sent, run the following command:
    `kubectl port-forward service/grafana 3000:3000`
 
-1. Navigate to `localhost:3000` in your browser. You should see the Grafana login page.
+1. Navigate to `localhost:3000` in your browser.
+
+   You should see the Grafana login page.
 
 1. Use `admin` for both the username and password to login.
-   If it worked, you should see `Enterprise (Licensed)` at the bottom of the page.
+1. To verify you are working with an enterprise license, scroll to the bottom of the page where you should see `Enterprise (Licensed)`.

docs/sources/setup-grafana/sign-in-to-grafana.md

@@ -16,9 +16,9 @@ This topic describes how to sign in to Grafana.
 
 To sign in to Grafana for the first time, follow these steps:
 
-1. Open your web browser and go to http://localhost:3000/.
+1. Open your web browser and go to root URL specified in [Grafana configuration file]({{< relref "./configure-grafana" >}}).
 
-   Unless you have configured a different port, Grafana listens to port `3000` by default.
+   Unless you have configured Grafana differently, it is set to use `http://localhost:3000` by default.
 
 1. On the signin page, enter `admin` for username and password.
 1. Click **Sign in**.

docs/sources/setup-grafana/start-restart-grafana.md

@@ -48,7 +48,7 @@ sudo systemctl enable grafana-server.service
 
 #### Serve Grafana on a port < 1024
 
-{{< docs/shared "systemd/bind-net-capabilities.md" >}}
+{{< docs/shared lookup="systemd/bind-net-capabilities.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
 ### Restart the Grafana server using systemd
 
@@ -175,6 +175,14 @@ To restart the Grafana server, complete the following steps:
 
 Restart methods differ depending on whether you installed Grafana using Homebrew or as standalone macOS binaries.
 
+### Start Grafana using Homebrew
+
+To start Grafana using [Homebrew](http://brew.sh/), run the following start command:
+
+```bash
+brew services start grafana
+```
+
 ### Restart Grafana using Homebrew
 
 Use the [Homebrew](http://brew.sh/) restart command:

docs/sources/shared/back-up/back-up-grafana.md

@@ -0,0 +1,77 @@
+---
+headless: true
+labels:
+  products:
+    - enterprise
+    - oss
+title: Back up Grafana
+---
+
+# Back up Grafana
+
+This topic explains how to back up a local Grafana deployment, including configuration, plugin data, and the Grafana database.
+
+## Back up the Grafana configuration file
+
+Copy Grafana configuration files that you might have modified in your Grafana deployment to a backup directory.
+
+The Grafana configuration files are located in the following directories:
+
+- Default configuration: `$WORKING_DIR/conf/defaults.ini`
+- Custom configuration: `$WORKING_DIR/conf/custom.ini`
+
+{{% admonition type="note" %}}
+If you installed Grafana using the `deb` or `rpm` packages, then your configuration file is located at
+`/etc/grafana/grafana.ini`. This path is specified in the Grafana `init.d` script using `--config` file parameter.
+{{% /admonition %}}
+
+## Back up plugin data
+
+Installing plugins in Grafana creates a folder for each plugin with its associated files and data. Copy all files and folders recursively from this location to your backup repository.
+
+The Grafana plugin files are located in the following directories:
+
+- Default location for plugins in a binary or source installation: `$WORKING_DIR/data/plugins`
+- Default location for plugins in a `deb` or `rpm` package: `/var/lib/grafana/plugins`. This path is specified in the Grafana init.d script using `--config` file parameter.
+
+## Back up the Grafana database
+
+We recommend that you back up your Grafana database so that you can roll back to a previous version, if required.
+
+### SQLite
+
+The default Grafana database is SQLite, which stores its data in a single file on disk. To back up this file, copy it to your backup repository.
+
+{{% admonition type="note" %}}
+To ensure data integrity, shut down your Grafana service before backing up the SQLite database.
+{{% /admonition %}}
+
+The SQLite database file is located in one of the following directories:
+
+- Default location for SQLite data in a binary or source installation: `$WORKING_DIR/data/grafana.db`
+- Default location for SQLite data in a `deb` or `rpm` package: `/var/lib/grafana/grafana.db`. This path is specified in the Grafana
+  init.d script using `--config` file parameter.
+
+### MySQL
+
+To back up or restore a MySQL Grafana database, run the following commands:
+
+```bash
+backup:
+> mysqldump -u root -p[root_password] [grafana] > grafana_backup.sql
+
+restore:
+> mysql -u root -p grafana < grafana_backup.sql
+```
+
+### Postgres
+
+To back up or restore a Postgres Grafana database, run the following commands:
+
+```bash
+backup:
+> pg_dump grafana > grafana_backup
+
+restore:
+> psql grafana < grafana_backup
+```

docs/sources/shared/example.md

@@ -11,7 +11,7 @@ When you have a chunk of text or steps that stand alone, not part of an ordered
 The syntax to invoke this file would be the following, minus the backslash:
 
 ```
-\{{< docs/shared "example.md" >}}
+\{{< docs/shared lookup="example.md" source="grafana" version="<GRAFANA VERSION>" >}}
 ```
 
 ## Part of a list
@@ -24,7 +24,7 @@ Below is an example from the docs, with backslashes added. The initial spaces ar
 
 ```
 \{{< docs/list >}}
-  \{{< docs/shared "manage-users/view-server-user-list.md" >}}
+  \{{< docs/shared lookup="manage-users/view-server-user-list.md" source="grafana" version="<GRAFANA VERSION>" >}}
   1. Click the user account that you want to edit. If necessary, use the search field to find the account.
 \{{< /docs/list >}}
 ```
@@ -36,7 +36,7 @@ You cannot use short codes in an ordered list with sublists. The shortcode break
 All unordered list steps included as part of a list will appear as second-level lists (with the hollow circle bullet) rather than first-level lists (solid circle bullet), even if the list is not indented in the shared file or the document file.
 
 {{< docs/list >}}
-{{< docs/shared "test.md" >}}
+{{< docs/shared lookup="test.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
 - Bullet text
   {{< /docs/list >}}

docs/sources/shared/manage-users/view-server-org-list-and-edit.md

@@ -3,7 +3,7 @@ title: View org list as server admin
 ---
 
 {{< docs/list >}}
-{{< docs/shared "manage-users/view-server-org-list.md" >}}
+{{< docs/shared lookup="manage-users/view-server-org-list.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
 1. Click the name of the organization that you want to edit.
 

docs/sources/shared/manage-users/view-server-user-list-search.md

@@ -3,7 +3,7 @@ title: View user list and search - list format
 ---
 
 {{< docs/list >}}
-{{< docs/shared "manage-users/view-server-user-list.md" >}}
+{{< docs/shared lookup="manage-users/view-server-user-list.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
 1. Click the user account that you want to edit. If necessary, use the search field to find the account.
 

docs/sources/shared/systemd/bind-net-capabilities.md

@@ -8,7 +8,7 @@ If you are using `systemd` and want to start Grafana on a port that is lower tha
 
    ```bash
    # Alternatively, create a file in /etc/systemd/system/grafana-server.service.d/override.conf
-   systemctl edit grafana-server.service
+   sudo systemctl edit grafana-server.service
    ```
 
 1. Add the following additional settings to grant the `CAP_NET_BIND_SERVICE` capability.

docs/sources/shared/upgrade/intro.md

@@ -0,0 +1,25 @@
+---
+headless: true
+labels:
+  products:
+    - enterprise
+    - oss
+title: Upgrade guide introduction
+---
+
+We recommend that you upgrade Grafana often to stay current with the latest fixes and enhancements.
+Because Grafana upgrades are backward compatible, the upgrade process is straightforward, and dashboards and graphs will not change.
+
+In addition to common tasks you should complete for all versions of Grafana, there might be additional upgrade tasks to complete for a version.
+
+{{% admonition type="note" %}}
+There might be breaking changes in some releases. We outline these changes in the [What's New ]({{< relref "../../whatsnew/" >}}) document for most releases or a separate [Breaking changes]({{< relref "../../breaking-changes/" >}}) document for releases with many breaking changes.
+{{% /admonition %}}
+
+For versions of Grafana prior to v9.2, we published additional information in the [Release Notes]({{< relref "../../release-notes/" >}}).
+
+When available, we list all changes with links to pull requests or issues in the [Changelog](https://github.com/grafana/grafana/blob/main/CHANGELOG.md).
+
+{{% admonition type="note" %}}
+When possible, we recommend that you test the Grafana upgrade process in a test or development environment.
+{{% /admonition %}}

docs/sources/shared/upgrade/upgrade-common-tasks.md

@@ -1,59 +1,11 @@
 ---
+labels:
+  products:
+    - enterprise
+    - oss
 title: Upgrade guide common tasks
 ---
 
-We recommend that you upgrade Grafana often to stay current with the latest fixes and enhancements.
-Because Grafana upgrades are backward compatible, the upgrade process is straightforward, and dashboards and graphs will not change.
-
-In addition to common tasks you should complete for all versions of Grafana, there might be additional upgrade tasks to complete for a version.
-
-> **Note:** There might be minor breaking changes in some releases. We outline these changes in the [What's New ]({{< relref "../../whatsnew/" >}}) document for each release.
-
-For versions of Grafana prior to v9.2, we published additional information in the [Release Notes]({{< relref "../../release-notes/" >}}).
-
-When available, we list all changes with links to pull requests or issues in the [Changelog](https://github.com/grafana/grafana/blob/main/CHANGELOG.md).
-
-> **Note:** When possible, we recommend that you test the Grafana upgrade process in a test or development environment.
-
-## Back up the Grafana database
-
-Although Grafana automatically upgrades the database on startup, we recommend that you back up your Grafana database so that you can roll back to a previous version, if required.
-
-### SQLite
-
-If you use SQLite, you only need to back up the `grafana.db` file. On Unix systems, the database file is usually located in `/var/lib/grafana/`.
-
-If you are unsure which database you use and where it is stored, check the Grafana configuration file. If you
-installed Grafana to a custom location using a binary tar/zip, the database is usually located in `<grafana_install_dir>/data`.
-
-### MySQL
-
-To back up or restore a MySQL Grafana database, run the following commands:
-
-```bash
-backup:
-> mysqldump -u root -p[root_password] [grafana] > grafana_backup.sql
-
-restore:
-> mysql -u root -p grafana < grafana_backup.sql
-```
-
-### Postgres
-
-To back up or restore a Postgres Grafana database, run the following commands:
-
-```bash
-backup:
-> pg_dump grafana > grafana_backup
-
-restore:
-> psql grafana < grafana_backup
-```
-
-## Backup plugins
-
-We recommend that you back up installed plugins before you upgrade Grafana so that you can roll back to a previous version of Grafana, if necessary.
-
 ## Upgrade Grafana
 
 The following sections provide instructions for how to upgrade Grafana based on your installation method.
@@ -138,7 +90,9 @@ To upgrade Grafana running in a Docker container, complete the following steps:
 
 1. Run a commands similar to the following commands.
 
-   > **Note:** This is an example. The parameters you enter depend on how you configured your Grafana container.
+   {{% admonition type="note" %}}
+   This is an example. The parameters you enter depend on how you configured your Grafana container.
+   {{% /admonition %}}
 
    ```bash
    docker pull grafana/grafana
@@ -183,5 +137,5 @@ can make older plugins stop working properly.
 Run the following command to update plugins:
 
 ```bash
-grafana-cli plugins update-all
+grafana cli plugins update-all
 ```

docs/sources/shared/visualizations/multiple-y-axes.md

@@ -0,0 +1,9 @@
+---
+title: Display multiple y-axes
+---
+
+# Display multiple y-axes
+
+In some cases, you may want to display multiple y-axes. For example, if you have a dataset showing both temperature and humidity over time, you may want to show two y-axes with different units for these two series.
+
+You can do this by [adding field overrides]({{< relref "../../panels-visualizations/configure-overrides#add-a-field-override" >}}). Follow the steps as many times as required to add as many y-axes as you need.

docs/sources/upgrade-guide/upgrade-v8.0/index.md

@@ -12,7 +12,11 @@ weight: 2900
 
 # Upgrade to Grafana v8.0
 
-{{< docs/shared lookup="upgrade/upgrade-common-tasks.md" source="grafana" >}}
+{{< docs/shared lookup="upgrade/intro.md" source="grafana" version="<GRAFANA VERSION>" >}}
+
+{{< docs/shared lookup="back-up/back-up-grafana.md" source="grafana" version="<GRAFANA VERSION>" leveloffset="+1" >}}
+
+{{< docs/shared lookup="upgrade/upgrade-common-tasks.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
 ## Technical notes
 

docs/sources/upgrade-guide/upgrade-v8.1/index.md

@@ -12,7 +12,11 @@ weight: 2800
 
 # Upgrade to Grafana v8.1
 
-{{< docs/shared "upgrade/upgrade-common-tasks.md" >}}
+{{< docs/shared lookup="upgrade/intro.md" source="grafana" version="<GRAFANA VERSION>" >}}
+
+{{< docs/shared lookup="back-up/back-up-grafana.md" source="grafana" version="<GRAFANA VERSION>" leveloffset="+1" >}}
+
+{{< docs/shared lookup="upgrade/upgrade-common-tasks.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
 ## Technical notes
 

docs/sources/upgrade-guide/upgrade-v8.2/index.md

@@ -12,7 +12,11 @@ weight: 2700
 
 # Upgrade to Grafana v8.2
 
-{{< docs/shared "upgrade/upgrade-common-tasks.md" >}}
+{{< docs/shared lookup="upgrade/intro.md" source="grafana" version="<GRAFANA VERSION>" >}}
+
+{{< docs/shared lookup="back-up/back-up-grafana.md" source="grafana" version="<GRAFANA VERSION>" leveloffset="+1" >}}
+
+{{< docs/shared lookup="upgrade/upgrade-common-tasks.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
 ## Technical notes
 

docs/sources/upgrade-guide/upgrade-v8.3/index.md

@@ -12,7 +12,11 @@ weight: 2600
 
 # Upgrade to Grafana v8.3
 
-{{< docs/shared "upgrade/upgrade-common-tasks.md" >}}
+{{< docs/shared lookup="upgrade/intro.md" source="grafana" version="<GRAFANA VERSION>" >}}
+
+{{< docs/shared lookup="back-up/back-up-grafana.md" source="grafana" version="<GRAFANA VERSION>" leveloffset="+1" >}}
+
+{{< docs/shared lookup="upgrade/upgrade-common-tasks.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
 ## Technical notes
 

docs/sources/upgrade-guide/upgrade-v8.4/index.md

@@ -12,7 +12,11 @@ weight: 2500
 
 # Upgrade to Grafana v8.4
 
-{{< docs/shared "upgrade/upgrade-common-tasks.md" >}}
+{{< docs/shared lookup="upgrade/intro.md" source="grafana" version="<GRAFANA VERSION>" >}}
+
+{{< docs/shared lookup="back-up/back-up-grafana.md" source="grafana" version="<GRAFANA VERSION>" leveloffset="+1" >}}
+
+{{< docs/shared lookup="upgrade/upgrade-common-tasks.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
 ## Technical notes
 

docs/sources/upgrade-guide/upgrade-v8.5/index.md

@@ -12,7 +12,11 @@ weight: 2400
 
 # Upgrade to Grafana v8.5
 
-{{< docs/shared "upgrade/upgrade-common-tasks.md" >}}
+{{< docs/shared lookup="upgrade/intro.md" source="grafana" version="<GRAFANA VERSION>" >}}
+
+{{< docs/shared lookup="back-up/back-up-grafana.md" source="grafana" version="<GRAFANA VERSION>" leveloffset="+1" >}}
+
+{{< docs/shared lookup="upgrade/upgrade-common-tasks.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
 ## Technical notes
 

docs/sources/upgrade-guide/upgrade-v9.0/index.md

@@ -12,7 +12,11 @@ weight: 2300
 
 # Upgrade to Grafana v9.0
 
-{{< docs/shared "upgrade/upgrade-common-tasks.md" >}}
+{{< docs/shared lookup="upgrade/intro.md" source="grafana" version="<GRAFANA VERSION>" >}}
+
+{{< docs/shared lookup="back-up/back-up-grafana.md" source="grafana" version="<GRAFANA VERSION>" leveloffset="+1" >}}
+
+{{< docs/shared lookup="upgrade/upgrade-common-tasks.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
 ## Technical notes
 

docs/sources/upgrade-guide/upgrade-v9.1/index.md

@@ -12,7 +12,11 @@ weight: 2200
 
 # Upgrade to Grafana v9.1
 
-{{< docs/shared "upgrade/upgrade-common-tasks.md" >}}
+{{< docs/shared lookup="upgrade/intro.md" source="grafana" version="<GRAFANA VERSION>" >}}
+
+{{< docs/shared lookup="back-up/back-up-grafana.md" source="grafana" version="<GRAFANA VERSION>" leveloffset="+1" >}}
+
+{{< docs/shared lookup="upgrade/upgrade-common-tasks.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
 ## Technical notes
 

docs/sources/upgrade-guide/upgrade-v9.2/index.md

@@ -12,7 +12,11 @@ weight: 2100
 
 # Upgrade to Grafana v9.2
 
-{{< docs/shared "upgrade/upgrade-common-tasks.md" >}}
+{{< docs/shared lookup="upgrade/intro.md" source="grafana" version="<GRAFANA VERSION>" >}}
+
+{{< docs/shared lookup="back-up/back-up-grafana.md" source="grafana" version="<GRAFANA VERSION>" leveloffset="+1" >}}
+
+{{< docs/shared lookup="upgrade/upgrade-common-tasks.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
 ## Technical notes
 

docs/sources/upgrade-guide/upgrade-v9.3/index.md

@@ -12,7 +12,11 @@ weight: 2000
 
 # Upgrade to Grafana v9.3
 
-{{< docs/shared "upgrade/upgrade-common-tasks.md" >}}
+{{< docs/shared lookup="upgrade/intro.md" source="grafana" version="<GRAFANA VERSION>" >}}
+
+{{< docs/shared lookup="back-up/back-up-grafana.md" source="grafana" version="<GRAFANA VERSION>" leveloffset="+1" >}}
+
+{{< docs/shared lookup="upgrade/upgrade-common-tasks.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
 ## Technical notes
 

docs/sources/upgrade-guide/upgrade-v9.4/index.md

@@ -12,7 +12,11 @@ weight: 1995
 
 # Upgrade to Grafana v9.4
 
-{{< docs/shared "upgrade/upgrade-common-tasks.md" >}}
+{{< docs/shared lookup="upgrade/intro.md" source="grafana" version="<GRAFANA VERSION>" >}}
+
+{{< docs/shared lookup="back-up/back-up-grafana.md" source="grafana" version="<GRAFANA VERSION>" leveloffset="+1" >}}
+
+{{< docs/shared lookup="upgrade/upgrade-common-tasks.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
 ## Technical notes
 

docs/sources/upgrade-guide/upgrade-v9.5/index.md

@@ -12,7 +12,11 @@ weight: 1800
 
 # Upgrade to Grafana v9.5
 
-{{< docs/shared "upgrade/upgrade-common-tasks.md" >}}
+{{< docs/shared lookup="upgrade/intro.md" source="grafana" version="<GRAFANA VERSION>" >}}
+
+{{< docs/shared lookup="back-up/back-up-grafana.md" source="grafana" version="<GRAFANA VERSION>" leveloffset="+1" >}}
+
+{{< docs/shared lookup="upgrade/upgrade-common-tasks.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
 ## Technical notes
 

docs/sources/whatsnew/whats-new-in-v8-1.md

@@ -55,7 +55,7 @@ You can also create annotations in the new Time series panel bringing it closer
 
 ### Transformations improvements
 
-Grafana 8.1 includes some significant enhancements to transformations, including two new transformations designed around providing dynamic configuration to your panels and visulizations.
+Grafana 8.1 includes some significant enhancements to transformations, including two new transformations designed around providing dynamic configuration to your panels and visualizations.
 
 #### Config from query (Beta)
 

docs/sources/whatsnew/whats-new-in-v8-4.md

@@ -79,7 +79,7 @@ Traditionally alerts in the Alert Panel were grouped by the alert rule that crea
 
 ### WeCom contact point
 
-Starting with Grafana 8.4, you can [configure a WeCom](https://grafana.com/docs/grafana/next/alerting/unified-alerting/contact-points/#wecom) contact point, to send alert notifications to WeCom.
+Starting with Grafana 8.4, you can configure [a WeCom contact point]({{< relref "../alerting/fundamentals/contact-points" >}}), to send alert notifications to WeCom.
 
 ## New panel options
 

docs/sources/whatsnew/whats-new-in-v8-5.md

@@ -89,7 +89,7 @@ In order to support debugging issues in Grafana, error alerts that appear when v
 
 ## Service accounts (beta)
 
-Service accounts are a major evolution for machine access within Grafana. You can create multiple API tokens per service account with independent expiration dates, and temporarily disable a service account without deleting it. These benefits make Service Accounts a more flexible way for Terraform and other apps to authenticate with Grafana. Service accounts also work with [fine-grained access control](https://grafana.com/docs/grafana/latest/enterprise/access-control/) in [Grafana Enterprise](https://grafana.com/docs/grafana/latest/enterprise/): you can improve security by granting service accounts specific roles to limit the functions they can perform. Service accounts are available in beta; you can try them out by enabling the `service-accounts` [feature toggle](https://grafana.com/docs/grafana/latest/administration/service-accounts/enable-service-accounts) or, if you use Grafana Cloud, [reaching out to our support team](https://grafana.com/orgs/raintank/tickets#) for early access. Learn more about Service Accounts in our [docs](https://grafana.com/docs/grafana/latest/administration/service-accounts).
+Service accounts are a major evolution for machine access within Grafana. You can create multiple API tokens per service account with independent expiration dates, and temporarily disable a service account without deleting it. These benefits make Service Accounts a more flexible way for Terraform and other apps to authenticate with Grafana. Service accounts also work with [fine-grained access control](https://grafana.com/docs/grafana/latest/enterprise/access-control/) in [Grafana Enterprise](https://grafana.com/docs/grafana/latest/enterprise/): you can improve security by granting service accounts specific roles to limit the functions they can perform. Service accounts are available in beta; you can try them out by enabling the `service-accounts` feature toggle or, if you use Grafana Cloud, [reaching out to our support team](https://grafana.com/orgs/raintank/tickets#) for early access. Learn more about Service Accounts in our [docs](https://grafana.com/docs/grafana/latest/administration/service-accounts).
 
 {{< figure src="/static/img/docs/service-accounts/configure-8-5.png" max-width="400px" caption="Configure service accounts" >}}
 

docs/sources/whatsnew/whats-new-in-v9-0.md

@@ -85,7 +85,7 @@ The new heatmap by default assumes that the data is pre-bucketed. So if your que
 
 Grafana Alerting is now on by default if you upgrade from an earlier version of Grafana. If you have been using legacy alerting in an earlier version of Grafana and you upgrade to Grafana 9 your alert rules will be automatically migrated and the legacy alerting interface will be replaced by the Grafana Alerting interface.
 
-Grafana Alerting, called unified alerting in Grafana 8, has been available since June, 2021 now provides feature parity with legacy alerting and many additional benefits. To find out more on the process to revert back to legacy alerts if needed, click [here]({{< relref "../alerting/migrating-alerts/opt-out/" >}}). Note that if you do revert back (by setting the Grafana config flag GF_UNIFIED_ALERTING_ENABLED to false), that we expect to remove legacy alerting in the next major Grafana release, Grafana 10.
+Grafana Alerting, called unified alerting in Grafana 8, has been available since June, 2021 now provides feature parity with legacy alerting and many additional benefits. To find out more on the process to revert back to legacy alerts if needed, click [here]({{< relref "../alerting/migrating-alerts/opt-out" >}}). Note that if you do revert back (by setting the Grafana config flag GF_UNIFIED_ALERTING_ENABLED to false), that we expect to remove legacy alerting in the next major Grafana release, Grafana 10.
 
 ### Alert state history for Grafana managed alerts
 
@@ -105,7 +105,7 @@ Grafana now uses envelope encryption to encrypt secrets in the database. Envelop
 
 The dashboard previews initially came to life during our internal [Grafana Labs Hackathon](https://grafana.com/blog/2022/01/14/all-about-the-grafana-labs-hackathon-2.0/?), and are now ready for an opt-in beta release. The previews provide an overview of all available dashboards and help you quickly find the right dashboard when the dashboard names aren’t enough.
 
-Refer to the [Dashboard previews topic](https://grafana.com/docs/grafana/next/dashboards/previews/) for instructions on how to enable the feature and current limitations.
+Refer to the [Dashboard previews topic]({{< relref "../search/dashboard-previews" >}}) for instructions on how to enable the feature and current limitations.
 
 {{< figure src="/static/img/docs/dashboards/dashboard-previews.png" max-width="750px" caption="Dashboard previews" >}}
 

docs/variables.mk

@@ -7,5 +7,3 @@ export DOC_VALIDATOR_IMAGE := $(shell sed -En 's, *image: "(grafana/doc-validato
 # Skip some doc-validator checks.
 export DOC_VALIDATOR_SKIP_CHECKS := ^(?:image.+|canonical-does-not-match-pretty-URL)$
 
-# Use alternative image until make-docs 3.0.0 is rolled out.
-export DOCS_IMAGE := grafana/docs-base:dbd975af06