Documentation

InfluxDB Cloud (TSM)

Use parameterized Flux queries

InfluxDB Cloud supports parameterized Flux queries that let you dynamically change values in a query using the InfluxDB API. Parameterized queries make Flux queries more reusable and can also be used to help prevent injection attacks.

Prevent injection attacks

Use parameterized queries when executing Flux queries with untrusted user input; for example, in a web or IoT application. For more information on security and query parameterization, see the OWASP SQL Injection Prevention Cheat Sheet. While this guide is about SQL, it contains useful general advice.

The InfluxDB Cloud /api/v2/query API endpoint accepts a params field in the request body. The params field is a JSON object with key-value pairs where the key is a parameter name and the value is the parameter value. For example:

"params": {
  "ex1": "foo",
  "ex2": "bar" 
}

InfluxDB Cloud inserts the params JSON object into the Flux query as a Flux record named params. Use dot or bracket notation to access parameters in the params record in your Flux query. For example, using the example params JSON above, the following query

from(bucket: params.ex1)
    |> range(start: -1h)
    |> filter(fn: (r) => r._measurement == params.ex2)

would execute as

from(bucket: "foo")
    |> range(start: -1h)
    |> filter(fn: (r) => r._measurement == "bar")

Example

To use a parameterized query, do the following:

  1. Create your Flux query. Use dot or bracket notation to reference parameters inside the params record to populate values at query time. The following example uses params.mybucket to define the bucket name.

    from(bucket: params.mybucket)
    |> range(start: -7d)
    |> limit(n:2)

  2. Use the InfluxDB Cloud /api/v2/query API endpoint to execute your query. Provide the following in your request body:

    • query: Raw Flux query to execute
    • params: JSON object with key-value pairs for each parameter to include in the query.

    For example:

    curl --request POST \
  'https://cloud2.influxdata.com/api/v2/query?orgID=<YourOrgID>' \
  --header 'authorization: Token <YourAuthToken>' \
  --header 'content-type: application/json' \
  --data '{
    "query":"from(bucket: params.mybucket) |> range(start: -7d) |> limit(n:2)",
    "params":{
      "mybucket":"telegraf"
      }
    }'

Supported parameter data types

Parameterized Flux queries support int, float, and string data types. To convert the supported data types into other Flux basic data types, use Flux type conversion functions.

For example, to define the start parameter of the range() function using a parameterized duration value:

  1. Use the duration() function to convert the param value into a duration:

    from(bucket:"example-bucket")
    |> range(start: duration(v: params.mystart))
    |> limit(n:2)

  2. In the param field of your query request body, format the duration parameter as a string:

    {
  "query": "from(bucket:\"example-bucket\") |> range(start: duration(v : params.mystart)) |> limit(n:2)",
  "params": {
    "mystart": "-7d"
  }
}
query security

Was this page helpful?

Thank you for your feedback!

© 2023 InfluxData, Inc.

Select your InfluxDB Cloud region

Select your InfluxDB Cloud region and cluster and we’ll customize code examples for you. Identify your InfluxDB Cloud cluster.

AWS

  • US West (Oregon)

GCP
Azure

For more information, see InfluxDB Cloud regions.

Thank you for your feedback!

Let us know what we can do better:

Thank you!

No thanks

Introducing InfluxDB Clustered

A highly available InfluxDB 3.0 cluster on your own infrastructure.

InfluxDB Clustered is a highly available InfluxDB 3.0 cluster built for high write and query workloads on your own infrastructure.

InfluxDB Clustered is currently in limited availability and is only available to a limited group of InfluxData customers. If interested in being part of the limited access group, please contact the InfluxData Sales team.

Learn more
Contact InfluxData Sales

The future of Flux

Flux is going into maintenance mode. You can continue using it as you currently are without any changes to your code.

Flux is going into maintenance mode and will not be supported in InfluxDB 3.0. This was a decision based on the broad demand for SQL and the continued growth and adoption of InfluxQL. We are continuing to support Flux for users in 1.x and 2.x so you can continue using it with no changes to your code. If you are interested in transitioning to InfluxDB 3.0 and want to future-proof your code, we suggest using InfluxQL.

For information about the future of Flux, see the following:

State of the InfluxDB Cloud Serverless documentation

InfluxDB Cloud Serverless documentation is a work in progress.

The new documentation for InfluxDB Cloud Serverless is a work in progress. We are adding new information and content almost daily. Thank you for your patience!

If there is specific information you’re looking for, please submit a documentation issue.

InfluxDB Cloud powered by TSM

You are currently viewing documentation specific to InfluxDB Cloud powered by the TSM storage engine, which offers different functionality than InfluxDB Cloud Serverless powered by the v3 storage engine.

Are you using InfluxDB Cloud powered by TSM? How to find out?

Visit your organization's homepage and find the following at the bottom of the right column:

InfluxDB Cloud powered by TSM Storage Engine Version 2
Yes – I'm using InfluxDB Cloud (TSM) No – I'm using InfluxDB Cloud Serverless