questdb
Pushes messages to a QuestDB table.
Introduced in version 4.37.0.
-
Common
-
Advanced
outputs:
label: ""
questdb:
max_in_flight: 64
batching:
count: 0
byte_size: 0
period: ""
check: ""
processors: [] # No default (optional)
address: "" # No default (required)
username: "" # No default (optional)
password: "" # No default (optional)
token: "" # No default (optional)
table: "" # No default (required)
designated_timestamp_field: "" # No default (optional)
designated_timestamp_unit: auto
timestamp_string_fields: [] # No default (optional)
timestamp_string_format: Jan _2 15:04:05.000000Z0700
symbols: [] # No default (optional)
doubles: [] # No default (optional)
error_on_empty_messages: falseoutputs:
label: ""
questdb:
max_in_flight: 64
batching:
count: 0
byte_size: 0
period: ""
check: ""
processors: [] # No default (optional)
tls:
enabled: false
skip_cert_verify: false
enable_renegotiation: false
root_cas: ""
root_cas_file: ""
client_certs: []
address: "" # No default (required)
username: "" # No default (optional)
password: "" # No default (optional)
token: "" # No default (optional)
retry_timeout: "" # No default (optional)
request_timeout: "" # No default (optional)
request_min_throughput: "" # No default (optional)
table: "" # No default (required)
designated_timestamp_field: "" # No default (optional)
designated_timestamp_unit: auto
timestamp_string_fields: [] # No default (optional)
timestamp_string_format: Jan _2 15:04:05.000000Z0700
symbols: [] # No default (optional)
doubles: [] # No default (optional)
error_on_empty_messages: false| Redpanda Data recommends enabling the dedupe feature on the QuestDB server. For more information about deploying, configuring, and using QuestDB, see the QuestDB documentation. |
Performance
For improved performance, this output sends multiple messages in parallel. You can tune the maximum number of in-flight messages (or message batches), using the max_in_flight field.
You can configure batches at both the input and output level. For more information, see Message Batching.
Fields
batching
Allows you to configure a batching policy.
Type: object
# Examples:
batching:
byte_size: 5000
count: 0
period: 1s
# ---
batching:
count: 10
period: 1s
# ---
batching:
check: this.contains("END BATCH")
count: 0
period: 1mbatching.byte_size
The number of bytes at which the batch is flushed. Set to 0 to disable size-based batching.
Type: int
Default: 0
batching.check
A Bloblang query that returns a boolean value indicating whether a message should end a batch.
Type: string
Default: ""
# Examples:
check: this.type == "end_of_transaction"batching.count
The number of messages after which the batch is flushed. Set to 0 to disable count-based batching.
Type: int
Default: 0
batching.period
The period of time after which an incomplete batch is flushed regardless of its size. This field accepts Go duration format strings such as 100ms, 1s, or 5s.
Type: string
Default: ""
# Examples:
period: 1s
# ---
period: 1m
# ---
period: 500msbatching.processors[]
A list of processors to apply to a batch as it is flushed. This allows you to aggregate and archive the batch however you see fit. All resulting messages are flushed as a single batch, and therefore splitting the batch into smaller batches using these processors is a no-op.
Type: processor
# Examples:
processors:
- archive:
format: concatenate
# ---
processors:
- archive:
format: lines
# ---
processors:
- archive:
format: json_arraydesignated_timestamp_unit
Units used for the designated timestamp field in QuestDB.
Type: string
Default: auto
error_on_empty_messages
Mark a message as an error if it is empty after field validation.
Type: bool
Default: false
max_in_flight
The maximum number of messages to have in flight at a given time. Increase this value to improve throughput.
Type: int
Default: 64
password
The password to use for basic authentication.
|
This field contains sensitive information that usually shouldn’t be added to a configuration directly. For more information, see Secrets. |
Type: string
request_min_throughput
The minimum expected throughput in bytes per second for HTTP requests. If the throughput is lower than this value, the connection times out. The quest_db output uses this value to calculate an additional timeout on top of the request_timeout. This setting is useful for large requests. Set it to 0 to disable this logic.
Type: int
request_timeout
The period of time to wait for a response from the QuestDB server in addition to any connection timeout calculated for the request_min_throughput field.
Type: string
retry_timeout
The period of time to continue retrying after a failed HTTP request. The interval between retries is an exponential backoff starting at 10 ms, and doubling after each failed attempt up to a maximum of 1 second.
Type: string
timestamp_string_format
The timestamp format, which is used when parsing timestamp string fields and uses Golang’s time formatting.
Type: string
Default: Jan _2 15:04:05.000000Z0700
tls
Configure Transport Layer Security (TLS) settings to secure network connections. This includes options for standard TLS as well as mutual TLS (mTLS) authentication where both client and server authenticate each other using certificates. Key configuration options include enabled to enable TLS, client_certs for mTLS authentication, root_cas/root_cas_file for custom certificate authorities, and skip_cert_verify for development environments.
Type: object
tls.client_certs[]
A list of client certificates for mutual TLS (mTLS) authentication. Configure this field to enable mTLS, authenticating the client to the server with these certificates.
You must set tls.enabled: true for the client certificates to take effect.
Certificate pairing rules: For each certificate item, provide either:
-
Inline PEM data using both
certandkeyor -
File paths using both
cert_fileandkey_file.
Mixing inline and file-based values within the same item is not supported.
Type: object
Default: []
# Examples:
client_certs:
- cert: foo
key: bar
# ---
client_certs:
- cert_file: ./example.pem
key_file: ./example.keytls.client_certs[].key
A plain text certificate key to use.
|
This field contains sensitive information that usually shouldn’t be added to a configuration directly. For more information, see Secrets. |
Type: string
Default: ""
tls.client_certs[].password
A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete pbeWithMD5AndDES-CBC algorithm is not supported for the PKCS#8 format.
Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext.
|
This field contains sensitive information that usually shouldn’t be added to a configuration directly. For more information, see Secrets. |
Type: string
Default: ""
# Examples:
password: foo
# ---
password: ${KEY_PASSWORD}tls.enable_renegotiation
Whether to allow the remote server to request renegotiation. Enable this option if you’re seeing the error message local error:
tls: no renegotiation.
Requires version 3.45.0 or later.
Type: bool
Default: false
tls.root_cas
Specify a root certificate authority to use (optional). This is a string that represents a certificate chain from the parent-trusted root certificate, through possible intermediate signing certificates, to the host certificate. Use either this field for inline certificate data or root_cas_file for file-based certificate loading.
|
This field contains sensitive information that usually shouldn’t be added to a configuration directly. For more information, see Secrets. |
Type: string
Default: ""
# Examples:
root_cas: |-
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----tls.root_cas_file
Specify the path to a root certificate authority file (optional). This is a file, often with a .pem extension, which contains a certificate chain from the parent-trusted root certificate, through possible intermediate signing certificates, to the host certificate. Use either this field for file-based certificate loading or root_cas for inline certificate data.
Type: string
Default: ""
# Examples:
root_cas_file: ./root_cas.pemtls.skip_cert_verify
Whether to skip server-side certificate verification. Set to true only for testing environments as this reduces security by disabling certificate validation. When using self-signed certificates or in development, this may be necessary, but should never be used in production. Consider using root_cas or root_cas_file to specify trusted certificates instead of disabling verification entirely.
Type: bool
Default: false
token
The bearer token to use for authentication, which takes precedence over the basic authentication username and password.
|
This field contains sensitive information that usually shouldn’t be added to a configuration directly. For more information, see Secrets. |
Type: string
username
The username to use for basic authentication.
|
This field contains sensitive information that usually shouldn’t be added to a configuration directly. For more information, see Secrets. |
Type: string
