Configure Grafana OSS — provisions dashboards from YAML, sets up data sources (Prometheus / Loki / Tempo / Pyroscope), writes dashboard JSON with template variables, builds panel queries, assigns built-in roles (Viewer / Editor / Admin / GrafanaAdmin), mints service-account tokens, edits grafana.ini server config, creates annotations, installs plugins via provisioning, and validates each step with a health-check curl. Use when building dashboards, configuring data sources, setting up provisioning YAML, picking a panel type, writing template variables, managing users and roles, configuring SMTP/OAuth in grafana.ini, creating annotations via API, troubleshooting why a provisioned dashboard isn't showing up, or running Grafana OSS locally — even when the user says "set up a Prometheus data source", "provision dashboards from git", "make a service account", or "configure SSO in OSS" without saying "Grafana OSS".
86
—
Does it follow best practices?
Impact
100%
1.21xAverage score across 1 eval scenario
Advisory
Suggest reviewing before use
/var/lib/grafana/dashboards/provisioning/dashboards/default.yaml (see § Dashboard provisioning below)curl https://grafana.example.com/api/dashboards/uid/<uid> \
-H "Authorization: Bearer <token>" | jq '.dashboard.title'journalctl -u grafana-server | grep -i provisioning) for parse errors.provisioning/datasources/datasources.yaml (see § Data source provisioning below)curl https://grafana.example.com/api/datasources/uid/<uid>/health \
-H "Authorization: Bearer <token>"
# { "status": "OK", "message": "..." } → working
# { "status": "ERROR", ... } → URL unreachable or auth misconfiguredPOST /api/serviceaccounts (full API in references/api.md § Users + service accounts)POST /api/serviceaccounts/{id}/tokenscurl https://grafana.example.com/api/org \
-H "Authorization: Bearer <new-token>"
# 200 + org JSON → token + role assignment work
# 401 → token wrong; 403 → role wrong# provisioning/dashboards/default.yaml
apiVersion: 1
providers:
- name: default
folder: MyFolder
type: file
disableDeletion: false
updateIntervalSeconds: 30
options:
path: /var/lib/grafana/dashboards
foldersFromFilesStructure: trueFor the dashboard JSON shape itself (panels, queries, template variables), see references/dashboard-json.md.
# provisioning/datasources/datasources.yaml
apiVersion: 1
datasources:
- name: Prometheus
type: prometheus
access: proxy
url: http://prometheus:9090
isDefault: true
jsonData:
timeInterval: 15s
httpMethod: POST
- name: Loki
type: loki
access: proxy
url: http://loki:3100
- name: Tempo
type: tempo
access: proxy
url: http://tempo:3200
jsonData:
tracesToLogsV2:
datasourceUid: loki_uid
tags: [{ key: "service.name", value: "app" }]
serviceMap:
datasourceUid: prometheus_uid
nodeGraph:
enabled: true
- name: Pyroscope
type: grafana-pyroscope-datasource
url: http://pyroscope:4040| Role | Permissions |
|---|---|
| Viewer | Read dashboards, alerts |
| Editor | Create/edit dashboards, alerts |
| Admin | Manage data sources, users, plugins |
| GrafanaAdmin | Server-wide admin (superuser) |
Service-account provisioning:
# provisioning/access-control/service_accounts.yaml
apiVersion: 1
serviceAccounts:
- name: ci-reader
orgId: 1
role: Viewer
tokens:
- name: ci-token
# expires: optional ISO 8601 timestamp; omit for no-expiry tokens(Custom RBAC roles with fine-grained permissions are Enterprise / Cloud only — see the grafana-cloud/admin skill if you need those.)
# provisioning/plugins/plugins.yaml
apiVersion: 1
apps:
- type: grafana-pyroscope-app
disabled: false
jsonData:
backendUrl: http://pyroscope:4040After restart, verify via GET /api/plugins/<plugin-id>/health.
references/dashboard-json.md — full dashboard JSON model + template variables + common problems (uid uniqueness, gridPos arithmetic, datasource uid matching)references/panel-types.md — panel-type table + decision guide for picking the right onereferences/api.md — full Grafana OSS API reference (dashboards, data sources, users, service accounts, annotations) with verification curls and common failure modesreferences/config.md — grafana.ini server / database / SMTP / auth / security / feature-toggle config + restart-required issuese8424d2
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.