# OpenSearch Dashboards is served by a back end server. This setting specifies the port to use.
# server.port: 5601

# Specifies the address to which the OpenSearch Dashboards server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
# server.host: "localhost"

# Enables you to specify a path to mount OpenSearch Dashboards at if you are running behind a proxy.
# Use the `server.rewriteBasePath` setting to tell OpenSearch Dashboards if it should remove the basePath
# from requests it receives, and to prevent a deprecation warning at startup.
# This setting cannot end in a slash.
# server.basePath: ""

# Specifies whether OpenSearch Dashboards should rewrite requests that are prefixed with
# `server.basePath` or require that they are rewritten by your reverse proxy.
# server.rewriteBasePath: true

# The maximum payload size in bytes for incoming server requests.
# server.maxPayloadBytes: 1048576

# The OpenSearch Dashboards server's name.  This is used for display purposes.
# server.name: "your-hostname"

# The URLs of the OpenSearch instances to use for all your queries.
# opensearch.hosts: ["http://localhost:9200"]

# OpenSearch Dashboards uses an index in OpenSearch to store saved searches, visualizations and
# dashboards. OpenSearch Dashboards creates a new index if the index doesn't already exist.
# opensearchDashboards.index: ".opensearch_dashboards"

# OpenSearch Dashboards uses an index in OpenSearch to store dynamic configurations.
# This shall be a different index from opensearchDashboards.index.
# opensearchDashboards.configIndex: ".opensearch_dashboards_config"

# Set the value of this setting to true to enable plugin application config. By default it is disabled.
# application_config.enabled: true

# Set the value of this setting to true to enable plugin CSP handler. By default it is disabled.
# It requires the application config plugin as its dependency.
# csp_handler.enabled: true

# The default application to load.
# opensearchDashboards.defaultAppId: "home"

# Set the value to true to disable the welcome screen
# home.disableWelcomeScreen: true

# Set the value to true to disable the experience selection modal
# home.disableExperienceModal: true

# Setting for an optimized healthcheck that only uses the local OpenSearch node to do Dashboards healthcheck.
# This settings should be used for large clusters or for clusters with ingest heavy nodes.
# It allows Dashboards to only healthcheck using the local OpenSearch node rather than fan out requests across all nodes.
#
# It requires the user to create an OpenSearch node attribute with the same name as the value used in the setting
# This node attribute should assign all nodes of the same cluster an integer value that increments with each new cluster that is spun up
# e.g. in opensearch.yml file you would set the value to a setting using node.attr.cluster_id:
# Should only be enabled if there is a corresponding node attribute created in your OpenSearch config that matches the value here
# opensearch.optimizedHealthcheck.id: "cluster_id"
# opensearch.optimizedHealthcheck.filters: {
#  attribute_key: "attribute_value",
# }

# If your OpenSearch is protected with basic authentication, these settings provide
# the username and password that the OpenSearch Dashboards server uses to perform maintenance on the OpenSearch Dashboards
# index at startup. Your OpenSearch Dashboards users still need to authenticate with OpenSearch, which
# is proxied through the OpenSearch Dashboards server.
# opensearch.username: "opensearch_dashboards_system"
# opensearch.password: "pass"

# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the OpenSearch Dashboards server to the browser.
# server.ssl.enabled: false
# server.ssl.certificate: /path/to/your/server.crt
# server.ssl.key: /path/to/your/server.key

# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
# These files are used to verify the identity of OpenSearch Dashboards to OpenSearch and are required when
# xpack.security.http.ssl.client_authentication in OpenSearch is set to required.
# opensearch.ssl.certificate: /path/to/your/client.crt
# opensearch.ssl.key: /path/to/your/client.key

# Optional setting that enables you to specify a path to the PEM file for the certificate
# authority for your OpenSearch instance.
# opensearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]

# To disregard the validity of SSL certificates, change this setting's value to 'none'.
# opensearch.ssl.verificationMode: none

# Allowed cipher suites list can be configured below, in preference order.
# Cipher suite names should be in OpenSSL format (https://www.openssl.org/docs/man1.1.1/man1/ciphers.html#CIPHER-SUITE-NAMES)
# Default set of cipher suites for your system can be checked by running the following command in your terminal:
# echo 'console.log(require("crypto").constants.defaultCoreCipherList.split(":"))' | node -
# Below you can find an example of cipher suites considered to be secure
# Keep in mind that older clients might not support them
# Refer to https://ciphersuite.info/ and https://ssl-config.mozilla.org/ for more details and recommendations about cipher suites
# Keep in mind that restricting cipher suites might disable older versions of TLS, as not all cipher suites are supported by them
# server.ssl.cipherSuites:
#  - TLS_AES_256_GCM_SHA384
#  - TLS_CHACHA20_POLY1305_SHA256
#  - TLS_AES_128_GCM_SHA256
#  - ECDHE-ECDSA-AES256-GCM-SHA384
#  - ECDHE-ECDSA-CHACHA20-POLY1305
#  - ECDHE-ECDSA-AES128-GCM-SHA256

# Time in milliseconds to wait for OpenSearch to respond to pings. Defaults to the value of
# the opensearch.requestTimeout setting.
# opensearch.pingTimeout: 1500

# Time in milliseconds to wait for responses from the back end or OpenSearch. This value
# must be a positive integer.
# opensearch.requestTimeout: 30000

# Enables the memory circuit breaker that prevents heap out of memory errors for large query responses.
# If enabled, we will provide additional check to prevent potential out of memory error in @openserach-project/opensearch.
# The default threshold is based on the `max-old-space-size` of NodeJS. It is configurable by tuning `opensearch.memoryCircuitBreaker.maxPercentage`.
# opensearch.memoryCircuitBreaker.enabled: true

# The pecentage of maximum heap allowed for processing response. The default value of the pecentage is `1.0`. The valid input range should be [0, 1] inclusively.
# For reference, the `threshold of memoryCircuitBreaker` = `max-old-space-size of NodeJS` * `opensearch.memoryCircuitBreaker.maxPercentage`
# opensearch.memoryCircuitBreaker.maxPercentage: 1.0

# DEPRECATED: Use opensearch.requestHeadersAllowlist
# List of OpenSearch Dashboards client-side headers to send to OpenSearch. To send *no* client-side
# headers, set this value to [] (an empty list).
# opensearch.requestHeadersWhitelist: [ authorization ]

# List of OpenSearch Dashboards client-side headers to send to OpenSearch. To send *no* client-side
# headers, set this value to [] (an empty list).
# opensearch.requestHeadersAllowlist: [ authorization ]

# Header names and values that are sent to OpenSearch. Any custom headers cannot be overwritten
# by client-side headers, regardless of the opensearch.requestHeadersAllowlist configuration.
# opensearch.customHeaders: {}

# Time in milliseconds for OpenSearch to wait for responses from shards. Set to 0 to disable.
# opensearch.shardTimeout: 30000

# Logs queries sent to OpenSearch. Requires logging.verbose set to true.
# opensearch.logQueries: true

# Disables errors from the OpenSearch JS client and enables you to utilize protected words such as: 'boolean', 'proto', 'constructor'.
# within cluster. By default, OpenSearch Dashboards and the client will protect you against prototype poisoning attacks.
# WARNING: Index patterns are user-supplied data. Disabling this will place the expectation that you are handling the data safely.
# opensearch.disablePrototypePoisoningProtection: true

# Specifies the path where OpenSearch Dashboards creates the process ID file.
# pid.file: /var/run/opensearchDashboards.pid

# Enables you to specify a file where OpenSearch Dashboards stores log output.
# logging.dest: stdout

# This configuration option controls the handling of error messages in the logging stream. It is disabled by default.
# When set to true, the 'ENOSPC' error message will not cause the OpenSearch Dashboards process to crash. Otherwise,
# the original behavior will be maintained.
# logging.ignoreEnospcError: true

# Set the value of this setting to true to suppress all logging output.
# logging.silent: true

# Set the value of this setting to true to suppress all logging output other than error messages.
# logging.quiet: true

# Set the value of this setting to true to log all events, including system usage information
# and all requests.
# logging.verbose: true

# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 5000.
# ops.interval: 5000

# Specifies locale to be used for all localizable strings, dates and number formats.
# Supported languages are the following: English - en , by default , Chinese - zh-CN .
# i18n.locale: "en"

# Set the allowlist to check input graphite Url. Allowlist is the default check list.
# vis_type_timeline.graphiteAllowedUrls: ['https://www.hostedgraphite.com/UID/ACCESS_KEY/graphite']

# Set the denylist to check input graphite Url. Denylist is an IP list.
# Below is an example for reference

# vis_type_timeline.graphiteBlockedIPs: [
#  //Loopback
#  '127.0.0.0/8',
#  '::1/128',
#  //Link-local Address for IPv6
#  'fe80::/10',
#  //Private IP address for IPv4
#  '10.0.0.0/8',
#  '172.16.0.0/12',
#  '192.168.0.0/16',
#  //Unique local address (ULA)
#  'fc00::/7',
#  //Reserved IP address
#  '0.0.0.0/8',
#  '100.64.0.0/10',
#  '192.0.0.0/24',
#  '192.0.2.0/24',
#  '198.18.0.0/15',
#  '192.88.99.0/24',
#  '198.51.100.0/24',
#  '203.0.113.0/24',
#  '224.0.0.0/4',
#  '240.0.0.0/4',
#  '255.255.255.255/32',
#  '::/128',
#  '2001:db8::/32',
#  'ff00::/8',
# ]

# vis_type_timeline.graphiteDeniedIPs: []

# vis_type_timeline.graphiteDeniedIPs: [
#  //Loopback
#  '127.0.0.0/8',
#  '::1/128',
#  //Link-local Address for IPv6
#  'fe80::/10',
#  //Private IP address for IPv4
#  '10.0.0.0/8',
#  '172.16.0.0/12',
#  '192.168.0.0/16',
#  //Unique local address (ULA)
#  'fc00::/7',
#  //Reserved IP address
#  '0.0.0.0/8',
#  '100.64.0.0/10',
#  '192.0.0.0/24',
#  '192.0.2.0/24',
#  '198.18.0.0/15',
#  '192.88.99.0/24',
#  '198.51.100.0/24',
#  '203.0.113.0/24',
#  '224.0.0.0/4',
#  '240.0.0.0/4',
#  '255.255.255.255/32',
#  '::/128',
#  '2001:db8::/32',
#  'ff00::/8',
# ]

# opensearchDashboards.branding:
#   logo:
#     defaultUrl: ""
#     darkModeUrl: ""
#   mark:
#     defaultUrl: ""
#     darkModeUrl: ""
#   loadingLogo:
#     defaultUrl: ""
#     darkModeUrl: ""
#   faviconUrl: ""
#   applicationTitle: ""
#   useExpandedHeader: false

# Set the value of this setting to true to capture region denied warnings and errors
# for your map rendering services.

# map.showRegionDeniedWarning: true

# Set the value of this setting to false to suppress search usage telemetry
# for reducing the load of OpenSearch cluster.
# data.search.usageTelemetry.enabled: false

# Set the value of this setting to false to disable VisBuilder
# functionality in Visualization.
# vis_builder.enabled: false

# Set the value of this setting to true to hide local cluster in data source feature.
# data_source.hideLocalCluster: true

# Set the value of these settings to customize crypto materials to encryption saved credentials
# in data sources.
# data_source.encryption.wrappingKeyName: 'changeme'
# data_source.encryption.wrappingKeyNamespace: 'changeme'
# data_source.encryption.wrappingKey: [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

# IP addresses and CIDR ranges that are blocked from being used as data source endpoints
# This prevents connections to internal/private networks and reserved IP ranges
# data_source.endpointDeniedIPs: [
#    '127.0.0.0/8',           # Loopback addresses (localhost)
#    '::1/128',               # IPv6 loopback address
#    '169.254.0.0/16',        # Link-local addresses (AWS metadata service)
#    'fe80::/10',             # IPv6 link-local addresses
#    '10.0.0.0/8',            # Private network - Class A
#    '172.16.0.0/12',         # Private network - Class B
#    '192.168.0.0/16',        # Private network - Class C
#    'fc00::/7',              # IPv6 Unique Local Addresses (ULA)
#    '0.0.0.0/8',             # Reserved IP Address
#    '100.64.0.0/10',         # Shared address space (CGNAT)
#    '192.0.0.0/24',          # IETF Protocol Assignments
#    '192.0.2.0/24',          # Documentation and examples (TEST-NET-1)
#    '198.18.0.0/15',         # Benchmarking
#    '192.88.99.0/24',        # IPv6 to IPv4 relay (deprecated)
#    '198.51.100.0/24',       # Documentation and examples (TEST-NET-2)
#    '203.0.113.0/24',        # Documentation and examples (TEST-NET-3)
#    '224.0.0.0/4',           # Multicast addresses
#    '240.0.0.0/4',           # Reserved for future use
#    '255.255.255.255/32',    # Broadcast address
#    '::/128',                # IPv6 unspecified address
#    '2001:db8::/32',         # IPv6 documentation and examples
#    'ff00::/8',              # IPv6 multicast addresses
# ]

# Endpoint hostname suffixes that bypass IP validation
# data_source.endpointAllowlistedSuffixes: []

# Optional setting that enables you to specify a path to PEM files for the certificate
# authority for your connected datasources.
# data_source.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]

# To disregard the validity of SSL certificates for connected data sources, change this setting's value to 'none'.
# Possible values include full, certificate and none
# data_source.ssl.verificationMode: none

# Set enabled false to hide authentication method in OpenSearch Dashboards.
# If this setting is commented then all 3 options will be available in OpenSearch Dashboards.
# Default value will be considered to True.
# data_source.authTypes:
#   NoAuthentication:
#     enabled: false
#   UsernamePassword:
#     enabled: false
#   AWSSigV4:
#     enabled: false

# Optional setting that controls the permissions of data source to create, update and delete.
# "none": The data source is readonly for all users.
# "dashboard_admin": The data source can only be managed by dashboard admin.
# "all": The data source can be managed by all users. Default to "all".
# data_source_management.manageableBy: "none"

# Set the backend roles in groups, whoever has the backend roles defined in this config will be regard as dataSourceAdmin.
# DataSource Admin will have the access to all the data source saved objects inside OpenSearch Dashboards by api.
# data_source_management.dataSourceAdmin.groups: ["data_source_management"]

# Set the value of this setting to false to hide the help menu link to the OpenSearch Dashboards user survey
# opensearchDashboards.survey.url: false

# @experimental Set the value of this setting to display navigation updates, including dev tool top right navigation
# opensearchDashboards.futureNavigation: true

# Set the value of this setting to true to enable plugin augmentation on Dashboard
# vis_augmenter.pluginAugmentationEnabled: true

# Set the value to true to enable permission control for saved objects
# Permission control depends on OpenSearch Dashboards has authentication enabled, set it to false when the security plugin is not installed,
# if the security plugin is not installed and this config is true, permission control takes no effect.
# savedObjects.permission.enabled: true

# uiSettings:
#   overrides:
#     "home:useNewHomePage": true

# Set a maximum number of workspaces
# by default, there is no limit.
# workspace.maximum_workspaces: 100

# Optional settings to specify saved object types to be deleted during migration.
# This feature can help address compatibility issues that may arise during the migration of saved objects, such as types defined by legacy applications.
# Please note, using this feature carries a risk. Deleting saved objects during migration could potentially lead to unintended data loss. Use with caution.
# migrations.delete.enabled: true
# migrations.delete.types: []

# Set the value to true to enable Ui Metric Collectors in Usage Collector
# This publishes the Application Usage and UI Metrics into the saved object, which can be accessed by /api/stats?extended=true&legacy=true&exclude_usage=false
# usageCollection.uiMetric.enabled: true

# Set the value to true to enable dynamic config service to obtain configs from a config store. By default, it's disabled
# dynamic_config_service.enabled: true

# Set the value to true to enable direct data import from a file
# data_importer.enabled: true

# Set the backend roles in groups or users, whoever has the backend roles or exactly match the user ids defined in this config will be regard as dashboard admin.
# Dashboard admin will have the access to all the workspaces(workspace.enabled: true) and objects inside OpenSearch Dashboards.
# The default config is [], and no one will be dashboard admin.
# If the user config is set to wildcard ["*"], anyone will be dashboard admin.
# opensearchDashboards.dashboardAdmin.groups: ["dashboard_admin"]
# opensearchDashboards.dashboardAdmin.users: ["dashboard_admin"]

# Set the value to true to enable the new UI for savedQueries in Discover
# data.savedQueriesNewUI.enabled: true

# Set the value to true to enable the banner plugin
# banner.enabled: true

# Set the content of the banner
# banner.content: "This is an important announcement for all users. [Learn more](https://opensearch.org) about OpenSearch."

# set the value to false to disable the keyboard shortcuts
# opensearchDashboards.keyboardShortcuts.enabled: false

# set the value to true to enable dataset management
# datasetManagement.enabled: true

# The new OpenSearch Dashboards Experience
# Enable the following three flags together for the new OpenSearch Dashboards discover features
# ===========================================

# Set the value of this setting to true to enable multiple data source feature.
# data_source.enabled: true

# Set the value to true to enable workspace feature
# Please note, workspace will not work with multi-tenancy. To enable workspace feature, you need to disable multi-tenancy first with `opensearch_security.multitenancy.enabled: false`
# workspace.enabled: true

# explore.enabled: true

# @experimental Set the value to true to enable discover traces
# explore.discoverTraces.enabled: true

# @experimental Set the enabled value to true and provide an AG-UI agent to enable chat
# chat:
  # enabled: true
  # agUiUrl: "http://your-ai-agent-url:port"
  # mlCommonsAgentId: "olly-chat-agent-id"

# @experimental Set the value to true to enable context provider
# contextProvider:
#   enabled: true