> ## Documentation Index
> Fetch the complete documentation index at: https://docs.antimetal.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Grafana

> Connect Grafana Cloud or a self-hosted Grafana instance to Antimetal

## Overview

This guide walks you through connecting Grafana to Antimetal. Antimetal queries Grafana and the data sources wired into it, including Prometheus, Loki, Tempo, and Pyroscope, so you do not need a separate connection for each data source.

<Card title="Set up in Antimetal" icon="arrow-up-right-from-square" href="https://overlook.antimetal.com/integrations/grafana">
  Go to the Grafana integration setup in the Antimetal dashboard.
</Card>

## Setup

Choose the tab that matches your Grafana deployment.

<Tabs>
  <Tab title="Grafana Cloud">
    ### Prerequisites

    * A Grafana Cloud account with access to Loki, Tempo, or Prometheus
    * Permissions to view data sources and create access policies

    <Steps>
      <Step title="Open the Grafana Cloud Portal">
        Go to [grafana.com/profile/org](https://grafana.com/profile/org) and select your organization.
      </Step>

      <Step title="Access the data source instance">
        From the left sidebar, go to **Connections > Data Sources** and click on your Loki, Tempo, or Prometheus instance.
      </Step>

      <Step title="Copy your URL and username">
        * Copy the **URL** under Connection (e.g., `https://logs-prod-036.grafana.net`)
        * Copy the **User** under Authentication (a numeric ID, e.g., `1264142`)
      </Step>

      <Step title="Create an access policy token">
        1. Scroll down to the **Access Policies** section
        2. Click **Create Access Policy**
        3. Enter a name (e.g., `Antimetal`)
        4. Under Permissions, enable all read permissions
        5. Click **Create Token**

        <Warning>Copy the token. It is shown only once.</Warning>
      </Step>

      <Step title="Submit credentials to Antimetal">
        Provide the following in the Antimetal UI:

        | Field        | Value                   |
        | ------------ | ----------------------- |
        | **URL**      | The full URL you copied |
        | **Username** | The numeric user ID     |
        | **Password** | The access policy token |
      </Step>
    </Steps>
  </Tab>

  <Tab title="Self-Hosted">
    <Note>
      A self-hosted instance usually lives inside your own network. Before connecting, review [Self-Hosted Observability](/integrations/self-hosted-observability) to make it reachable by Antimetal.
    </Note>

    ### Prerequisites

    * A self-hosted Grafana instance, reachable over HTTPS from Antimetal
    * Permission to create a service account and token in Grafana

    <Steps>
      <Step title="Confirm your instance URL">
        Note the base URL of your Grafana instance, for example `https://grafana.internal.example.com`.
      </Step>

      <Step title="Create a service account token">
        In Grafana, go to **Administration > Service Accounts > Add service account**. Assign the **Viewer** role for read-only access, then add a token.

        <Warning>Copy the token when it is shown. It cannot be retrieved later.</Warning>
      </Step>

      <Step title="Submit credentials to Antimetal">
        Provide the following in the Antimetal UI:

        | Field                     | Value                         |
        | ------------------------- | ----------------------------- |
        | **Grafana URL**           | The base URL of your instance |
        | **Service Account Token** | The Viewer-scoped token       |
      </Step>
    </Steps>
  </Tab>
</Tabs>

## Permissions and Access

Antimetal uses read-only access: a Viewer-scoped service account token for self-hosted instances, or a read-only access policy token for Grafana Cloud. No write operations are performed.

<Snippet file="security-note.mdx" />

<Snippet file="need-help.mdx" />
