Edit Kibana user settingsedit

Elasticsearch Service supports most of the standard Kibana and X-Pack settings. Through a YAML editor in the console, you can append Kibana properties to the kibana.yml file. Your changes to the configuration file are read on startup.

Be aware that some settings that could break your cluster if set incorrectly and that the syntax might change between major versions. Before upgrading, be sure to review the full list of the latest Kibana settings and syntax.

To change Kibana settings:

  1. Log in to the Elasticsearch Service Console.
  2. Select your deployment on the home page in the Elasticsearch Service card or go to the deployments page.

    Narrow your deployments by name, ID, or choose from several other filters. To customize your view, use a combination of filters, or change the format from a grid to a list.

  3. From your deployment menu, go to the Edit page.
  4. In the Kibana section, click Edit user settings. (For deployments with existing user settings, you may have to expand the Edit kibana.yml caret instead.)
  5. Update the user settings.
  6. Click Save changes.

Saving your changes initiates a configuration plan change that restarts Kibana automatically for you.

If a setting is not supported by Elasticsearch Service, you will get an error message when you try to save.

Supported Kibana settingsedit

For version 7.13.0 and later, the following settings are supported:

server.maxPayload
The maximum payload size in bytes for incoming server requests. Default: 1048576. To learn more, see Configure Kibana.
server.securityResponseHeaders.strictTransportSecurity
Controls whether the Strict-Transport-Security header is used in all responses to the client from the Kibana server. To learn more, see Configure Kibana.
server.securityResponseHeaders.xContentTypeOptions
Controls whether the X-Content-Type-Options header is used in all responses to the client from the Kibana server. To learn more, see Configure Kibana.
server.securityResponseHeaders.referrerPolicy
Controls whether the Referrer-Policy header is used in all responses to the client from the Kibana server. To learn more, see Configure Kibana.
server.securityResponseHeaders.permissionsPolicy
Controls whether the Permissions-Policy header is used in all responses to the client from the Kibana server. To learn more, see Configure Kibana.
server.securityResponseHeaders.disableEmbedding
Controls whether the Content-Security-Policy and X-Frame-Options headers are configured to disable embedding Kibana in other webpages using iframes. To learn more, see Configure Kibana.

For version 7.11.0 and later, the following settings are supported:

server.publicBaseUrl
Specifies the publicly available URL that end-users access Kibana at. Should be set when using a reverse proxy for a custom URL. To learn more, see Configure Kibana.

For version 7.3.0 to 7.14, the following settings are supported:

kibana.autocompleteTimeout
Specifies the time in milliseconds to wait for autocomplete suggestions from Elasticsearch. The default is 1000. Allowed values are between 1 and 1200000. To learn more, see Configure Kibana.
kibana.autocompleteTerminateAfter
Specifies the max number of documents loaded by each shard to generate autocomplete suggestions. The default is 100000. Allowed values are between 1 and 10000000. To learn more, see Configure Kibana.

For version 7.14.0 and later, the following settings are supported:

data.autocomplete.timeout
Specifies the time in milliseconds to wait for autocomplete suggestions from Elasticsearch. The default is 1000. Allowed values are between 1 and 1200000. To learn more, see Configure Kibana.
data.autocomplete.terminateAfter
Specifies the max number of documents loaded by each shard to generate autocomplete suggestions. The default is 100000. Allowed values are between 1 and 10000000. To learn more, see Configure Kibana.

For version 7.0.0 to 7.15, the following settings are supported:

timelion.ui.enabled

The Timelion application no longer appears by default in the Kibana side navigation.

Set to true to add Timelion back into the side navigation. In version 7.16.0 the Timelion app is removed and this setting is no longer supported.

For version 6.7.0 and later, the following settings are supported:

i18n.locale
Specifies the locale for all strings, dates, and number formats that can be localized. Defaults to en (English).

For version 6.0.0 and later, the following settings are supported:

vega.enableExternalUrls
Set to true to allow Vega vizualizations to use data from sources other than the linked Elasticsearch cluster. In stack version 8.0.0 and above, the vega.enableExternalUrls is not supported. Use vis_type_vega.enableExternalUrls instead.

For version 5.6.0 and later, the following settings are supported:

server.defaultRoute
Specifies the default route when opening Kibana. You can use this setting to modify the landing page when opening Kibana.
server.customResponseHeaders
Specifies HTTP header names and values that the Kibana backend will return to the client.
Map
map.regionmap:

Specifies additional vector layers for use in Region Map visualizations. Each layer object points to an external vector file that contains a geojson FeatureCollection. The file must use the WGS84 coordinate reference system and only include polygons. If the file is hosted on a separate domain from Kibana, the server needs to be CORS-enabled so Kibana can download the file. The following example shows a valid regionmap configuration.

map.regionmap:
  includeElasticMapsService: false
  layers:
    - name: "Departments of France"
      url: "http://my.cors.enabled.server.org/france_departements.geojson"
      attribution:   "INRAP"
      fields:
        - name: "department"
          description: "Full department name"
        - name: "INSEE"
          description: "INSEE numeric identifier"
map.regionmap.includeElasticMapsService:
Turns on or off whether layers from the Elastic Maps Service should be included in the vector layer option list. Supported on Elastic Cloud Enterprise. By turning this off, only the layers that are configured here will be included. The default is true.
map.regionmap.layers[].attribution:
Optional. References the originating source of the geojson file.
map.regionmap.layers[].fields[]:
Mandatory. Each layer can contain multiple fields to indicate what properties from the geojson features you wish to expose. The example above shows how to define multiple properties.
map.regionmap.layers[].fields[].description:
Mandatory. The human readable text that is shown under the Options tab when building the Region Map visualization.
map.regionmap.layers[].fields[].name:
Mandatory. This value is used to do an inner-join between the document stored in Elasticsearch and the geojson file. For example, if the field in the geojson is called Location and has city names, there must be a field in Elasticsearch that holds the same values that Kibana can then use to lookup for the geoshape data.
map.regionmap.layers[].name:
Mandatory. A description of the map being provided.
map.regionmap.layers[].url:
Mandatory. The location of the geojson file as provided by a webserver.
tilemap.options.attribution
Adds the map attribution string.
tilemap.options.maxZoom
Sets the maximum zoom level.
tilemap.options.minZoom
Sets the minimum zoom level.
tilemap.options.subdomains
Provides an array of subdomains used by the tile service. Specify the position of the subdomain the URL with the token {s}.
tilemap.url
Lists the URL to the tileservice that Kibana uses to display map tiles in tilemap visualizations.

For version 7.0.0 and later, the following map.tilemap settings are supported: map.tilemap.options.attribution:: Adds the map attribution string.

map.tilemap.options.maxZoom
Sets the maximum zoom level.
map.tilemap.options.minZoom
Sets the minimum zoom level.
map.tilemap.options.subdomains
Provides an array of subdomains used by the tile service. Specify the position of the subdomain the URL with the token {s}.
map.tilemap.url
Lists the URL to the tileservice that Kibana uses to display map tiles in tilemap visualizations.
vis_type_table.legacyVisEnabled
For version 7.11 to 7.16, a new version of the datatable visualization is used. Set to true to enable the legacy version. In version 8.0, the old implementation is removed and this setting is no longer supported.
SAML
If you are using SAML to secure your clusters, these settings are supported in Elasticsearch Service.

For version 7.8.1 and later, the following additional settings are supported:

xpack.security.authc.providers.saml.<provider-name>.useRelayStateDeepLink
Specifies if Kibana should treat the RelayState parameter as a deep link when Identity Provider Initiated login flow is used.

For version 7.7 and later, only the following SAML user settings are needed:

xpack.security.authc.providers.saml.<provider-name>.order
Specifies order of the SAML authentication provider in the authentication chain.
xpack.security.authc.providers.saml.<provider-name>.realm
Specifies which SAML realm in Elasticsearch should be used.
xpack.security.authc.providers.saml.<provider-name>.maxRedirectURLSize
Specifies the maximum size of the URL that Kibana is allowed to store during the SAML handshake.
xpack.security.authc.providers.saml.<provider-name>.description
Specifies how SAML login should be titled in the Login Selector UI.

For version 7.5 and later, the following SAML user settings are also supported:

xpack.security.authc.saml.maxRedirectURLSize
Specifies the maximum size of the URL that Kibana is allowed to store during the SAML handshake.

For version 7.2 and later, the following SAML user settings are also supported:

xpack.security.authc.saml.realm
Specifies which SAML realm in Elasticsearch should be used.
xpack.security.authc.providers
Specifies which providers are going to be used in Kibana.

The following settings are deprecated and are not supported in version 8.0 * xpack.security.authProviders * xpack.security.public.protocol * xpack.security.public.hostname * xpack.security.public.port * xpack.security.authc.saml.useRelayStateDeepLink

*For version 6.8.11, the following SAML user settings are also supported:

xpack.security.authc.saml.useRelayStateDeepLink
Specifies if Kibana should treat the RelayState parameter as a deep link when Identity Provider Initiated login flow is used.

For version 6.4 and later, The following SAML user settings are also supported:

xpack.security.authProviders
Set to saml to instruct Kibana to use SAML SSO as the authentication method.
server.xsrf.whitelist
Whitelists the SAML authentication URL within Kibana, so that the Kibana server doesn’t reject external authentication messages that originate from your Identity Provider.
xpack.security.public.protocol
Set to HTTP or HTTPS. To access Kibana, HTTPS protocol is recommended.
xpack.security.public.hostname
Set to a fully qualified hostname to connect your users to the proxy server.
xpack.security.public.port
The port number that connects your users to the proxy server (for example, 80 for HTTP or 443 for HTTPS).

To learn more, see configuring Kibana to use SAML.

OpenID Connect
If you are using OpenID Connect to secure your clusters, these settings are supported in Elasticsearch Service.

For version 7.7 and later, only the following OpenID Connect user settings are needed:

xpack.security.authc.providers.oidc.<provider-name>.order
Specifies order of the OpenID Connect authentication provider in the authentication chain.
xpack.security.authc.providers.oidc.<provider-name>.realm
Specifies which OpenID Connect realm in Elasticsearch should be used.
xpack.security.authc.providers.oidc.<provider-name>.description
Specifies how OpenID Connect login should be titled in the Login Selector UI.

For version 7.4 and later, the following OpenID Connect user settings are also supported:

xpack.security.authc.oidc.realm
Specifies which OpenID Connect realm in Elasticsearch should be used.

To learn more, see configuring Kibana to use OpenID Connect.

Anonymous authentication
If you want to allow anonymous authentication in Kibana, these settings are supported in Elasticsearch Service. To learn more on how to enable anonymous access, see Enabling anonymous access
xpack.security.authc.anonymous.*
Enables access for the anonymous user. In versions prior to 7.10 anonymous access is enabled by default, but you can add this setting if you want to avoid anonymous access being disabled accidentally by a subsequent upgrade.

For version 7.11 and later, the following anonymous authentication settings are needed:

xpack.security.authc.providers.anonymous.<provider-name>.order
Specifies order of the anonymous authentication provider in the authentication chain.
xpack.security.authc.providers.anonymous.<provider-name>.credentials
Specifies which credentials Kibana should use for anonymous users.

To learn more, see configuring Kibana to use anonymous authentication.

xpack.security.sessionTimeout
Specifies the session duration in milliseconds. Allows a value between 15000 (15 seconds) and 86400000 (1 day). To learn more, see Security settings in Kibana. Deprecated in versions 7.6+ and removed in versions 8.0+.

X-Pack configuration settingsedit

You can configure the following X-Pack settings from the Kibana User Settings editor.

For version 7.14 and later:

The following settings are deprecated and are not supported in version 8.0

  • xpack.actions.rejectUnauthorized
  • xpack.actions.proxyRejectUnauthorizedCertificates
xpack.actions.customHostSettings
An array of objects, one per host, containing the SSL/TLS settings used when executing connectors which make HTTPS and SMTP connections to the host servers. For details about using this setting, see Alerting and action settings in Kibana.
xpack.actions.proxyVerificationMode
Controls the verification of the proxy server certificate that hosted-ems receives when making an outbound SSL/TLS connection to the host server. Valid values are full, certificate, and none. Use full to perform hostname verification, certificate to skip hostname verification, and none to skip verification. Default: full.
xpack.actions.verificationMode
Controls the verification of the server certificate that hosted-ems receives when making an outbound SSL/TLS connection to the host server. Valid values are full, certificate, and none. Use full to perform hostname verification, certificate to skip hostname verification, and none to skip verification. Default: full.
xpack.task_manager.monitored_stats_health_verbose_log.enabled
Enable to allow the Kibana task manager to log at either a warning or error log level if it self-detects performance issues. Default: false.
xpack.task_manager.monitored_stats_health_verbose_log.warn_delayed_task_start_in_seconds
The number of seconds we allow a task to delay before printing a warning server log. Default: 60.
Content security policy configuration
csp.script_src
Add sources for the Content Security Policy script-src directive. When csp.strict is true, csp.script_src may not be unsafe-inline. Rules may not contain nonce-* or none and will not override the defaults. *Default: ['unsafe-eval', 'self']
csp.worker_src
Add sources for the Content Security Policy worker-src directive. Rules may not contain nonce-* or none and will not override the defaults. *Default: [blob:, 'self']
csp.style_src
Add sources for the Content Security Policy style-src directive. Rules may not contain nonce-* or none and will not override the defaults. *Default: ['unsafe-inline', 'self']
csp.connect_src
Add sources for the Content Security Policy connect-src directive.
csp.default_src
Add sources for the Content Security Policy default-src directive.

csp.font_src ::Add sources for the Content Security Policy font-src directive.

csp.frame_src
Add sources for the Content Security Policy frame-src directive.
csp.img_src
Add sources for the Content Security Policy img-src directive.

csp.report_uri::Add sources for the Content Security Policy report-uri directive.

csp.strict
Blocks Kibana access to any browser that does not enforce even rudimentary CSP rules. In practice, this disables support for older, less safe browsers like Internet Explorer. Default: true To learn more, see Configure Kibana].
`csp.warnLegacyBrowsers
Shows a warning message after loading Kibana to any browser that does not enforce even rudimentary CSP rules, though Kibana is still accessible. This configuration is effectively ignored when csp.strict is enabled. Default: true

For version 7.13 and later:

xpack.actions.preconfiguredAlertHistoryEsIndex
Set to true to enable experimental Alert history Elasticsearch index connector. Default: false.
xpack.discoverEnhanced.actions.exploreDataInContextMenu.enabled
Set to true to enable the "explore underlying data" menu action in dashboards. Default: false.
xpack.actions.proxyBypassHosts
Specifies hostnames which should not use the proxy, if using a proxy for actions. The value is an array of hostnames as strings. By default, all hosts will use the proxy. The settings xpack.actions.proxyBypassHosts and xpack.actions.proxyOnlyHosts cannot be used at the same time.
xpack.actions.proxyOnlyHosts
Specifies hostnames which should only be used with the proxy, if using a proxy for actions. The value is an array of hostnames as strings. By default, all hosts will use the proxy. The settings xpack.actions.proxyBypassHosts and xpack.actions.proxyOnlyHosts cannot be used at the same time.
Banner settings
Banners are disabled by default. You need to manually configure them in order to use the feature.
xpack.banners.placement
Set to top to display a banner above the Elastic header. Defaults to disabled.
xpack.banners.textContent
The text to display inside the banner, either plain text or Markdown.
xpack.banners.textColor
The color for the banner text. Defaults to #8A6A0A.
xpack.banners.backgroundColor
The color of the banner background. Defaults to #FFF9E8.
xpack.banners.disableSpaceBanners
If true, per-space banner overrides are disabled. Defaults to false.

For version 7.12.1 and later:

xpack.actions.maxResponseContentLength
Specifies the max number of bytes of the HTTP response for requests to external resources. Defaults to 1mb.
xpack.actions.responseTimeout
Specifies the time allowed for requests to external resources. Requests that take longer are aborted. The time is formatted as <count>[ms|s|m|h|d|w|M|Y], for example, 20m, 24h, 7d, 1w. Defaults to 60s.

For version 7.11 and later:

xpack.task_manager.monitored_task_execution_thresholds

Specifies the thresholds for failed task executions. If the percentage of failed executions exceeds the specified thresholds, the health of the task will be reported as configured. Can be specified at a default level or a custom level for specific task types. The following example shows a valid monitored_task_execution_thresholds configuration.

xpack.task_manager.monitored_task_execution_thresholds:
  default:
    error_threshold: 70
    warn_threshold: 50
  custom:
    "alerting:.index-threshold":
      error_threshold: 50
      warn_threshold: 0
xpack.task_manager.version_conflict_threshold
Specifies the threshold for version conflicts. If the percentage of version conflicts exceeds the threshold, the task manager poll_interval will automatically be adjusted. Default: 80.

The following settings are deprecated and are not supported in version 8.0: xpack.task_manager.index.

For version 7.10 and later:

xpack.actions.proxyUrl
Specifies the proxy URL to use, if using a proxy for actions.
xpack.actions.proxyHeaders
Specifies headers for proxy, if using a proxy for actions.
xpack.actions.proxyRejectUnauthorizedCertificates
Set to false to bypass certificate validation for proxy, if using a proxy for actions.
xpack.actions.rejectUnauthorized
Set to false to bypass certificate validation for actions.

For version 7.9 and later:

xpack.ingestManager.enabled
Set to false to disable the Ingest Manager application. Also enables the EPM and Fleet features. For details about using this application, see the blog post Easier data onboarding with Elastic Agent and Ingest Manager.
xpack.ingestManager.fleet.enabled
Set to false to disable the Fleet API & UI.
xpack.lists.maxImportPayloadBytes
Sets the number of bytes (default 9000000, maximum 100000000) allowed for uploading Security Solution value lists. For every 10 megabytes, it is recommended to have an additional 1 gigabyte of RAM reserved for Kibana. For example, on a Kibana instance with 2 gigabytes of RAM, you can set this value up to 20000000 (20 megabytes).
xpack.lists.importBufferSize
Sets the buffer size used for uploading Security Solution value lists (default 1000). Change the value if you are experiencing slow upload speeds or larger than wanted memory usage when uploading value lists. Set to a higher value to increase throughput at the expense of using more Kibana memory, or a lower value to decrease throughput and reduce memory usage.

For version 7.8:

xpack.ingestManager.enabled
Set to true (default false) to enable the Ingest Manager application. Also enables the EPM and Fleet features. For details about using this application, see the blog post Easier data onboarding with Elastic Agent and Ingest Manager.
xpack.ingestManager.epm.enabled
Set to true (default) to enable the EPM API & UI.
xpack.ingestManager.fleet.enabled
Set to true (default) to enable the Fleet API & UI.

For version 7.7 and later:

xpack.task_manager.max_workers
Specify the maximum number of tasks a Kibana will run concurrently. Default: 10.
xpack.task_manager.poll_interval
Specify how often, in milliseconds, a Kibana should check for more tasks. Default: 3000.
xpack.task_manager.index
Specify the name of the index that the task_manager will use. Cannot be set to .tasks as that is already in use by the Elasticsearch Task Manager. Default: .kibana_task_manager.

For version 7.6 and later:

xpack.security.session.idleTimeout
Set the session duration. The format is a string of count and unit, where unit is one of ms,s,m,h,d,w,M,Y. For example, 70ms, 5s, 3d, 1Y. To learn more, see Security settings in Kibana.
xpack.security.session.lifespan
Sets the maximum duration, also known as "absolute timeout". After this duration, the session will expire even if it is not idle. To learn more, see Security settings in Kibana.
xpack.maps.showMapVisualizationTypes
Set to true if you want to create new region map visualizations.
xpack.actions.allowedHosts
Set to an array of host names which actions such as email, slack, pagerduty, and webhook can connect to. An element of * indicates any host can be connected to. An empty array indicates no hosts can be connected to. Default: [ * ]
xpack.actions.enabledActionTypes
Set to an array of action types that are enabled. An element of * indicates all action types registered are enabled. The action types provided by Kibana are: .server-log, .slack, .email, .index, .pagerduty, .webhook. Default: [ * ]

For version 5.0 and later:

xpack.grokdebugger.enabled
Set to true (default) to enable the Grok Debugger.
xpack.graph.enabled
Set to false to disable X-Pack graph.
xpack.monitoring.cluster_alerts.email_notifications.email_address
When enabled, specifies the email address to receive cluster alert notifications. As of version 6.5, replaces the xpack:defaultAdminEmail setting for monitoring.
xpack.monitoring.kibana.collection.interval
Controls how often data samples are collected.
xpack.monitoring.min_interval_seconds
Specifies the minimum number of seconds that a time bucket in a chart can represent. If you modify the xpack.monitoring.kibana.collection.interval, use the same value in this setting.
xpack.monitoring.ui.container.elasticsearch.enabled
For Elasticsearch clusters that run in containers, enables the Node Listing to display the CPU utilization based on the Cgroup statistics, and adds the Cgroup CPU utilization to the Node Overview page instead of the overall operating system CPU utilization.
monitoring.cluster_alerts.allowedSpaces

Specifies the Kibana spaces where cluster alerts will be auto-generated.

Defaults to true since Elasticsearch cluster running on Elasticsearch services are all containers. If you wish to send monitoring data of your on-prem Elasticsearch installation to Elasticsearch services, you might want to adjust this value to false.

xpack.ml.enabled

Set to true (default) to enable machine learning.

If set to false in kibana.yml, the machine learning icon is hidden in this Kibana instance. If xpack.ml.enabled is set to true in elasticsearch.yml, however, you can still use the machine learning APIs. To disable machine learning entirely, see the Elasticsearch Machine Learning Settings.

xpack.reporting.enabled
Set to false to completely disable reporting.
xpack.reporting.queue.pollEnabled
Set to false to stop the Kibana instance from claiming and executing queued reporting jobs. Reports can still be downloaded from the instance.
xpack.reporting.queue.timeout

Specifies the time each worker has to produce a report. If your machine is slow or under heavy load, you might need to increase this timeout. Specified in milliseconds (number) or duration (string). Duration is a string value formatted as <count>[ms|s|m|h|d|w|M|Y], for example, 20m, 24h, 7d, 1w.

Defaults to 120000 (2 minutes)

xpack.reporting.capture.timeouts.openUrl

Specify how long to allow the Reporting browser to wait for the "Loading…​" screen to dismiss and find the initial data for the Kibana page. If the time is exceeded, a page screenshot is captured showing the current state, and the download link shows a warning message.

Defaults to 30000 (30 seconds).

xpack.reporting.capture.timeouts.waitForElements

Specify how long to allow the Reporting browser to wait for all visualization panels to load on the Kibana page. If the time is exceeded, a page screenshot is captured showing the current state, and the download link shows a warning message.

Defaults to 30000 (30 seconds).

xpack.reporting.capture.timeouts.renderComplete

Specify how long to allow the Reporting browser to wait for all visualizations to fetch and render the data. If the time is exceeded, a page screenshot is captured showing the current state, and the download link shows a warning message.

Defaults to 30000 (30 seconds).

xpack.reporting.capture.browser.type

Specifies the browser to use to capture screenshots. Valid options are phantom and chromium.

Beginning with version 7.0, chromium is the only allowed option. Defaults to phantom for earlier versions.

xpack.reporting.capture.maxAttempts

Specifies how many retries to attempt in case of occasional failures.

Defaults to 3.

xpack.reporting.csv.maxSizeBytes

Sets the maximum size of a CSV file before being truncated. This setting exists to prevent large exports from causing performance and storage issues. Maximum allowed value is 50 MB (52428800 Bytes).

Defaults to 10485760 (10MB).

xpack.reporting.encryptionKey
Set to any text string. To provide your own encryption key for reports, use this setting.

For version 7.13.0 and later, the following xpack.reporting setting is supported: xpack.reporting.roles.enabled:: When true, grants users access to the reporting features when they are assigned the reporting_user role. Granting access to users this way is deprecated. Set to false and use Kibana privileges instead.

+ Defaults to true.

Logging and audit settings
NOTE: To change logging settings or to enable auditing you must first enable deployment logging.

The following logging settings are supported:

logging.verbose
If set to true, all events are logged, including system usage information and all requests. Defaults to false.
logging.quiet
If set to true, all logging output other than error messages is suppressed. Defaults to false.
elasticsearch.logQueries
When set to true, queries sent to Elasticsearch are logged (requires logging.verbose set to true). Defaults to false.
xpack.security.audit.enabled
When set to true, audit logging is enabled for security events. Defaults to false.

For 7.12 and later 7.x versions:

xpack.security.audit.appender.type
When set to "rolling-file" and xpack.security.audit.enabled is set to true, Kibana ECS audit logs are enabled.

For version 7.11 and later:

xpack.security.audit.ignore_filters
List of filters that determine which audit events should be excluded from the ECS audit log.

For 7.11.x versions:

xpack.security.audit.appender.kind
When set to "rolling-file" and xpack.security.audit.enabled is set to true, Kibana ECS audit logs are enabled.
APM
The following APM settings are supported in Kibana:
xpack.apm.ui.enabled
Set to false to disable X-Pack APM UI.
xpack.apm.maxServiceEnvironments
Maximum number of unique service environments recognized by the UI. Defaults to 100.
xpack.apm.serviceMapFingerprintBucketSize
Maximum number of unique transaction combinations sampled for generating service map focused on a specific service. Defaults to 100.
xpack.apm.serviceMapFingerprintGlobalBucketSize
Maximum number of unique transaction combinations sampled for generating the global service map. Defaults to 100.
xpack.apm.serviceMapEnabled
Set to false to disable service maps. Defaults to true.
xpack.apm.serviceMapTraceIdBucketSize
Maximum number of trace IDs sampled for generating service map focused on a specific service. Defaults to 65.
xpack.apm.serviceMapTraceIdGlobalBucketSize
Maximum number of trace IDs sampled for generating the global service map. Defaults to 6.
xpack.apm.serviceMapMaxTracesPerRequest
Maximum number of traces per request for generating the global service map. Defaults to 50.
xpack.apm.ui.maxTraceItems

Maximum number of child items displayed when viewing trace details. Valid for version 7.4.0 and later.

Defaults to 1000. Any positive value is valid. To learn more, see APM settings in Kibana.

xpack.apm.searchAggregatedTransactions
Whether to use metric instead of transaction documents to render the UI. Available options are always, never or auto. Defaults to auto.
xpack.apm.ui.transactionGroupBucketSize
Number of top transaction groups displayed in the APM app. Defaults to 1000.
xpack.observability.annotations.index
Index name where Observability annotations are stored. Defaults to observability-annotations.
xpack.apm.metricsInterval
Sets a fixed_interval for date histograms in metrics aggregations. Defaults to 30.
xpack.apm.agent.migrations.enabled
Set to false to disable cloud APM migrations. Defaults to true.
xpack.apm.indices.span
Matcher for indices containing span documents. Defaults to apm-*.
xpack.apm.indices.error
Matcher for indices containing error documents. Defaults to apm-*.
xpack.apm.indices.transaction
Matcher for indices containing transaction documents. Defaults to apm-*.
xpack.apm.indices.onboarding
Matcher for all onboarding indices. Defaults to apm-*.
xpack.apm.indices.metric
Matcher for all metrics indices. Defaults to apm-*.
xpack.apm.indices.sourcemap
Matcher for all source map indices. Defaults to apm-*.