familienarchiv/infra/observability/grafana/provisioning/datasources/datasources.yml

apiVersion: 1

datasources:
  - name: Prometheus
    type: prometheus
    uid: prometheus
    url: http://obs-prometheus:9090
    isDefault: true
    editable: false

  - name: Loki
    type: loki
    uid: loki
    url: http://obs-loki:3100
    editable: false
    jsonData:
      derivedFields:
        - name: TraceID
          matcherRegex: '"traceId":"(\w+)"'
          url: "${__value.raw}"
          datasourceUid: tempo

  - name: Tempo
    type: tempo
    uid: tempo
    url: http://obs-tempo:3200
    editable: false
    jsonData:
      tracesToLogsV2:
        datasourceUid: loki
        spanStartTimeShift: "-1m"
        spanEndTimeShift: "1m"
        filterByTraceID: true
        filterBySpanID: false
      serviceMap:
        datasourceUid: prometheus
      nodeGraph:
        enabled: true

  # Read-only PostgreSQL datasource for the PO Overview dashboard (issue #651).
  # Uses the grafana_reader role provisioned by Flyway V68. Traffic stays inside
  # archiv-net, so sslmode=disable is the deliberate, accepted setting.
  - name: PostgreSQL
    type: postgres
    uid: postgres
    url: archive-db:5432
    user: grafana_reader
    editable: false
    secureJsonData:
      password: ${GRAFANA_DB_PASSWORD}
    jsonData:
      database: ${POSTGRES_DB}
      sslmode: disable
      postgresVersion: 1600