Workspace Settings¶
Manage > Workspace Settings is the core configuration center for a workspace. Workspace owners and administrators can:
- View workspace version, site, Token, member count, and other data.
- Export/import configurations such as dashboards and monitors for cross-workspace reuse.
- Ensure data security through multi-layer mechanisms like MFA, IP allowlists, and invitation approval.
- Perform irreversible operations such as adjusting storage policies and cleaning historical data.
Basic Information¶
Displays core information about the current workspace. Only owners and administrators can edit.
| Field | Description | Visibility | Editable |
|---|---|---|---|
| Current Plan | Commercial Plan/Free Plan | All members | No |
| Site | Data center node where the workspace is deployed (e.g., Alibaba Cloud, Huawei Cloud, AWS, etc.) | All members | No |
| Workspace Name | Name displayed in the workspace switcher in the top-left corner | All members | Yes |
| Workspace Language | Language for system events, alerts, and SMS templates | All members | Yes |
| Workspace Note | Auxiliary identification information from a personal perspective | Visible only to oneself | Yes |
| Workspace Description | Purpose description of the workspace | All members | Yes |
| Workspace ID | Globally unique identifier (starting with wksp_) |
All members | No |
| Token | Authentication key for data reporting | Owner/Administrator | Yes |
| Member Count | Number of members currently joined in the workspace | All members | No |
Workspace Language¶
Supports Chinese or English. After switching, system events, alert notifications, SMS templates, etc., will use the corresponding language by default.
Note
-
The "Workspace Language" here only applies to the current settings page and does not affect the language displayed in the interface after you enter the workspace. Upon login, the system prioritizes the display language used during the browser's last successful access to the console. If no record exists, the browser's current language is used. For example, if the browser language is Chinese, the console will default to Chinese display.
-
Only workspace owners or administrators have the authority to modify this language setting.
Note¶
Add a note for the current workspace that is visible only to yourself.
The note will be displayed alongside the workspace name in the top-left corner for quick identification.
Description¶
Add descriptive information for the current workspace. After successful addition, it can be viewed directly in the top-left workspace switcher for easy identification.
Token¶
Token is the authentication credential for DataKit and OpenAPI data reporting.
View and Copy¶
Click the copy button to the right of the Token to copy the complete key.
Replace Token¶
Click Replace, set the expiration time for the old Token, and generate a new Token:
- Expire immediately
- 10 minutes
- 6 hours
- 12 hours
- 24 hours
Replacement Notes
Selecting "Expire immediately" will cause DataKits using the old Token to stop reporting immediately, which may lead to monitoring interruptions and alert failures.
Edit Token Configuration¶
Click Edit to configure:
-
Custom Token: Set a custom key (optional).
-
Enable Data Query: Allow querying platform data via Token (disabled by default, recommended to enable as needed).
Configuration Migration¶
Supports one-click import and export of all workspace configurations, covering core resources such as monitoring views, alert strategies, data processing rules, role management settings, and data compliance.
Expand to view specific resource items
- Dashboards
- Custom Explorers
- Monitor configurations
- Data forwarding rules
- Alert Strategies
- Notification Targets
- SLOs
- Security check rules
- Log indexes (excluding external indexes)
- Attribute Claims
- Field management
- Global tags
- Environment variables (excluding RUM)
- Role management
- Blacklists
- Pipelines
- Regular expressions
- Field display permissions
- Sensitive data scanning
-
Click Export to download a compressed package containing all relevant configurations of the current workspace.
-
Click Import to upload a JSON file or compressed package. If duplicate resource names are detected, the system provides the following handling methods:
- Skip: Means only create non-duplicate files.
- Overwrite: Overwrite and create corresponding resources based on the imported file names.
Advanced Settings¶
Click Settings to enter the advanced configuration page:
Security¶
Invitation Approval¶
When enabled, invited members require approval from the owner or administrator before they can join. If disabled, invited members can directly enter the workspace.
MFA Security Authentication¶
When enabled, all workspace members must complete MFA binding and authentication, otherwise they cannot access the workspace.
API Key Security Display Policy¶
Used to uniformly manage the display method of API Keys within the workspace. When enabled, newly created API Keys are displayed only once upon successful creation. The plaintext cannot be viewed after closing the page. When this policy is disabled, members with permission can view the complete Key again.
Change Notes
- After changing the policy, it only applies to subsequently newly created API Keys. Old API Keys retain their original display form.
- Automatically created API Keys remain displayed in plaintext.
- This setting is disabled by default. Only workspace owners can modify it.
After an API Key is successfully created, a pop-up window displays the complete API Key plaintext once, including name, API Key, role, creation time, and notes. The bottom left corner supports downloading as a text file (.txt).
After closing the creation success pop-up or refreshing the page, the plaintext of this API Key is no longer displayed. The list and details page only show "Key is only visible upon creation."
AI Intelligent Analysis¶
Controls the data export permissions for AI features within the workspace.
- Enable: Monitoring data, log snippets, trace data, metric summaries, and other information from this workspace may be transmitted to external large models (public network services) for processing.
- Disable: AI features are unavailable, and data will not be exported.
Note
- Newly created workspaces have this switch disabled by default.
- Only workspace owners can enable or disable this switch. Non-owners do not see this switch.
- Before enabling this feature, confirm that your organization's security and compliance policies permit such data export operations to ensure data security and compliance.
- Enabling and disabling applies to all AI features simultaneously.
Special characters
Login IP Allowlist¶
Restricts the IP sources that can log in to the console.
When enabled, only IPs within the allowlist can log in normally; other sources will be denied.
The IP allowlist writing specifications are as follows:
- Multiple IPs require line breaks. Each line can only contain one IP or network segment. Up to 1,000 entries can be added.
- Specify IP address: 192.168.0.1, indicating that the IP address 192.168.0.1 is allowed to access.
- Specify IP segment: 192.168.0.0/24, indicating that IP addresses from 192.168.0.1 to 192.168.0.255 are allowed to access.
- All IP addresses: 0.0.0.0/0.
Note
Workspace owners are not subject to this restriction, ensuring they are not accidentally locked out.
Role IP Allowlist¶
Based on the global IP allowlist, further refinement of login IP control by role dimension is supported. After both the global allowlist and Role IP allowlist are enabled, different roles can be configured with allowed login IPs or network segments.
Effective rule: When a user has a matching role rule, judgment is based on the role rule. When there is no matching role rule, it falls back to the global IP list for judgment. If a user belongs to multiple roles, access is granted if any role rule is matched.
Note
After a role is deleted, the corresponding IP rule automatically becomes invalid.
Data Reporting IP Allowlist¶
Restricts the egress IPs that can report data. When enabled, only IPs within the allowlist can report data normally; data from other sources will be blocked.
The IP allowlist writing specifications are as follows:
- Multiple IPs require line breaks. Each line can only contain one IP or network segment. Up to 1,000 entries can be added.
- Specify IP address: 192.168.0.1, indicating that the IP address 192.168.0.1 is allowed to access.
- Specify IP segment: 192.168.0.0/24, indicating that IP addresses from 192.168.0.1 to 192.168.0.255 are allowed to access.
- All IP addresses: 0.0.0.0/0.
OpenAPI Access IP Allowlist¶
Restricts the source IPs for OpenAPI and API Key calls of the current workspace. Only IPs within the allowlist are allowed to access. Requests from non-allowlist sources will be blocked and recorded in audit logs.
- Go to Manage > Workspace Settings > Security.
- Under "OpenAPI Access IP Allowlist", click "Settings".
- Enable the allowlist switch and add allowed IPs or network segments to the IP list.
- Save.
The IP allowlist writing specifications are as follows:
- Multiple IPs require line breaks. Each line can only contain one IP or network segment. Up to 1,000 entries can be added.
- Specify IP address: 192.168.0.1, indicating that this IP address is allowed to access.
- Specify IP segment: 192.168.0.0/24, indicating that IP addresses from 192.168.0.1 to 192.168.0.255 are allowed to access.
- All IP addresses: - 0.0.0.0/0.
Note
- After enabling, only IPs in the allowlist can access the current workspace's OpenAPI (including API Key calls).
- Requests from non-allowlist sources will be rejected and recorded in audit logs.
- Workspace owners are not subject to this restriction.
Role IP Allowlist¶
Based on the global IP allowlist, further refinement of OpenAPI access IP control by role dimension is supported. After both the global allowlist and Role IP allowlist are enabled, different roles can be configured with allowed calling IPs or network segments.
Effective rule: When a user has a matching role rule, judgment is based on the role rule. When there is no matching role rule, it falls back to the global IP list for judgment. If a user belongs to multiple roles, access is granted if any role rule is matched.
Note
- After a role is deleted, the corresponding IP rule automatically becomes invalid.
Data Access Scope Restriction¶
When enabled, ordinary members within the current workspace who do not match any data access rules will be unable to view any data corresponding to the data access rules.
Note
Only the Owner and Administrator roles can operate this switch and are not affected by its restrictions.
Risky Operations¶
The following operations are irreversible. Please execute with caution.
Change Data Storage Policy¶
The system supports owners changing the data storage policy within the workspace.
- Go to Manage > Workspace Settings > Change Data Storage Policy.
- Click Replace.
- Select the desired data storage duration.
- Confirm.
Note
After the change, new data is stored according to the new policy. Historical data is not affected.
Delete Measurement¶
The system supports owners and administrators deleting Measurements within the workspace.
- Go to Manage > Workspace Settings > Delete Specified Measurement.
- Select the Measurement name from the dropdown (supports fuzzy matching).
- Click Confirm to enter the deletion queue and wait for deletion.
Note
- Only workspace owners and administrators are allowed to perform this operation.
- Once a Measurement is deleted, it cannot be recovered. Please proceed with caution.
- Deleting a Measurement generates system notification events, such as user created a delete Measurement task, delete Measurement task executed successfully, delete Measurement task execution failed, etc.
Delete Resource Catalog¶
The system supports owners and administrators deleting specified Resource Catalog classifications and all Resource Catalogs.
- Go to Manage > Workspace Settings > Delete Resource Catalog.
- Click Delete Resource Catalog.
- Select the method for deleting the Resource Catalog.
-
Confirm.
- Specified Resource Catalog classification: Only deletes data under the selected object classification; does not delete indexes.
- All Resource Catalogs: Deletes all Resource Catalog data and indexes.
