Documentation

Use parameterized Flux queries

InfluxDB Cloud supports parameterized Flux queries that let you dynamically change values in a query using the InfluxDB API. Parameterized queries make Flux queries more reusable and can also be used to help prevent injection attacks.

Prevent injection attacks

Use parameterized queries when executing Flux queries with untrusted user input; for example, in a web or IoT application. For more information on security and query parameterization, see the OWASP SQL Injection Prevention Cheat Sheet. While this guide is about SQL, it contains useful general advice.

The InfluxDB Cloud /api/v2/query API endpoint accepts a params field in the request body. The params field is a JSON object with key-value pairs where the key is a parameter name and the value is the parameter value. For example:

{
  "params": {
    "ex1": "foo",
    "ex2": "bar"
  }
}

InfluxDB Cloud inserts the params JSON object into the Flux query as a Flux record named params. Use dot or bracket notation to access parameters in the params record in your Flux query. For example, using the example params JSON above, the following query

from(bucket: params.ex1)
    |> range(start: -1h)
    |> filter(fn: (r) => r._measurement == params.ex2)

would execute as

from(bucket: "foo")
    |> range(start: -1h)
    |> filter(fn: (r) => r._measurement == "bar")

Example

To use a parameterized query, do the following:

  1. Create your Flux query. Use dot or bracket notation to reference parameters inside the params record to populate values at query time. The following example uses params.mybucket to define the bucket name.

    from(bucket: params.mybucket)
        |> range(start: -7d)
        |> limit(n:2)
  2. Use the InfluxDB Cloud /api/v2/query API endpoint to execute your query. Provide the following in your request body:

    • query: Raw Flux query to execute
    • params: JSON object with key-value pairs for each parameter to include in the query.

    For example:

    curl --request POST \
      'https://cloud2.influxdata.com/api/v2/query?orgID=<YourOrgID>' \
      --header 'authorization: Token <YourAuthToken>' \
      --header 'content-type: application/json' \
      --data '{
        "query":"from(bucket: params.mybucket) |> range(start: -7d) |> limit(n:2)",
        "params":{
          "mybucket":"telegraf"
          }
        }'

Supported parameter data types

Parameterized Flux queries support int, float, and string data types. To convert the supported data types into other Flux basic data types, use Flux type conversion functions.

For example, to define the start parameter of the range() function using a parameterized duration value:

  1. Use the duration() function to convert the param value into a duration:

    from(bucket:"example-bucket")
        |> range(start: duration(v: params.mystart))
        |> limit(n:2)
  2. In the param field of your query request body, format the duration parameter as a string:

    {
      "query": "from(bucket:\"example-bucket\") |> range(start: duration(v : params.mystart)) |> limit(n:2)",
      "params": {
        "mystart": "-7d"
      }
    }

Was this page helpful?

Thank you for your feedback!


InfluxDB OSS 2.9.0: API tokens are hashed by default

Stronger token security in InfluxDB OSS 2.9.0 — tokens are hashed on disk by default. Existing tokens are hashed on first startup and can’t be recovered afterward. Capture any plaintext tokens you still need before you upgrade.

View InfluxDB OSS 2.9.0 release notes

Hashed tokens authenticate exactly like unhashed tokens — clients and integrations keep working.

Also new in 2.9.0:

  • Configurable backup compression
  • Restore support for backups containing hashed tokens
  • Tighter Edge Data Replication queue validation
  • Flux upgrade
  • Compaction reliability improvements

Key enhancements in Explorer 1.9

Explorer 1.9 is now available with InfluxQL support, an AI-assisted Flux to SQL converter (beta), and new live sample data simulators.

View Explorer 1.9 release notes

Explorer 1.9 includes new features and improvements that make it easier to query, visualize, and manage data.

Highlights:

  • Flux to SQL converter (beta): Convert Flux queries to SQL with an AI-assisted converter.
  • InfluxQL support: Query data with InfluxQL in the Data Explorer and dashboards, and save and load InfluxQL queries.
  • InfluxQL visualizations: Render line and bar charts from InfluxQL results with per-tag series grouping.
  • Query error history: Review a history of query errors in the query tool.
  • Live sample data simulators: Generate continuous live sample data with new bird data and signal generator simulators.

For more details, see Explorer 1.9 release notes

InfluxDB 3.10 is now available

InfluxDB 3 Core 3.10 adds an automatic catalog format upgrade, a configurable query-concurrency limit, and processing engine improvements.

Key updates in InfluxDB 3 Core 3.10:

  • Catalog format upgrade: the on-disk catalog automatically upgrades from format v2 to v3 on first 3.10 startup. Migration is one-way—back up your catalog before upgrading.
  • --max-concurrent-queries: limit concurrent queries (adjustable at runtime).
  • GET /ready endpoint for readiness probes.
  • Processing engine: cross-database queries and trigger lockdown flags.

For more information, see the InfluxDB 3 Core release notes.

InfluxDB 3.10 is now available

InfluxDB 3 Enterprise 3.10 adds automated backup and restore, row-level deletions, and user management, with an automatic catalog format upgrade and performance preview improvements.

Key updates in InfluxDB 3 Enterprise 3.10:

  • Catalog format upgrade: the on-disk catalog automatically upgrades from format v2 to v3 on first 3.10 startup. Migration is one-way—back up your catalog before upgrading.
  • Automated backup and restore (beta)
  • Row-level deletions
  • User management (authentication and RBAC) — preview
  • Performance preview improvements

Backup and restore, row-level deletions, and the performance preview require the Enterprise storage engine upgrade (opt-in beta). Beta and preview features are subject to breaking changes and aren’t recommended for production use.

For more information, see the InfluxDB 3 Enterprise release notes

Telegraf Enterprise is now generally available

Telegraf Enterprise is now generally available, along with Telegraf Controller v1.0.

Telegraf Enterprise combines Telegraf Controller, a centralized management console for Telegraf, with official support from InfluxData. Manage configurations, monitor fleet health, and operate tens of thousands of Telegraf agents from a single system.

InfluxDB Docker latest tag changing to InfluxDB 3 Core

On September 15, 2026, the latest tag for InfluxDB Docker images will point to InfluxDB 3 Core. To avoid unexpected upgrades, use specific version tags in your Docker deployments.

If using Docker to install and run InfluxDB, the latest tag will point to InfluxDB 3 Core. To avoid unexpected upgrades, use specific version tags in your Docker deployments. For example, if using Docker to run InfluxDB v2, replace the latest version tag with a specific version tag in your Docker pull command–for example:

docker pull influxdb:2

InfluxDB Cloud powered by TSM