The integration of QuestDB and Grafana represents a pinnacle of modern time-series observability, enabling engineers to bridge the gap between high-throughput ingestion and real-time visual intelligence. QuestDB, a high-performance, open-source SQL database designed specifically for time-series data, provides the underlying engine for storing massive volumes of sensor data, IoT streams, or system metrics with unprecedented speed. Grafana serves as the visualization layer, transforming raw, structured rows of temporal data into interactive, actionable dashboards. This synergy is particularly critical in environments where latency-sensitive decision-making is required, such as monitoring electricity consumption, tracking logistics, or overseeing large-scale industrial IoT deployments. By utilizing the dedicated QuestDB data source plugin, users can execute standard SQL queries directly against the QuestDB engine, leveraging the full power of relational algebra to filter, aggregate, and present complex datasets. This architecture supports various deployment models, including Grafana Open Source (OSS), Grafana Enterprise, and Grafana Cloud, and is compatible with both the Open Source and Enterprise editions of QuestDB. The ability to connect these two powerhouses through specialized plugins and optimized network configurations allows for a seamless flow of data from the moment of ingestion to the final pixel on a monitoring screen.
Architecture and Plugin Ecosystem
The QuestDB data source plugin functions as the critical connective tissue between the database engine and the visualization platform. This plugin is not merely a driver but a specialized interface that enables the direct querying and visualization of time-SQL data within the Grafana ecosystem.
The plugin architecture is designed for versatility across different deployment scales. For instance, in a localized development environment, the plugin allows for rapid prototyping of dashboards, while in a distributed cloud environment, it supports Private Data Source Connect (PDS) capabilities. For the PDS functionality to operate correctly, a minimum plugin version of 0.1.6 is required, ensuring that the underlying communication protocols between Grafana Cloud and the private QuestDB instance are robust and secure.
The compatibility matrix for this integration is extensive:
| Component | Compatible Versions/Editions |
|---|---|
| Grafana Platform | Grafana OSS, Grafana Enterprise, Grafana Cloud |
| QuestDB Engine | QuestDB OSS, QuestDB Enterprise |
| Plugin Functionality | SQL Querying, Time-series visualization, PDS support |
Because the plugin acts as a pass-through for SQL statements, it is vital to understand that the plugin itself does not act as a security firewall for query content. This architectural choice prioritizes performance and flexibility, but it places the responsibility of query validation and user permissions squarely on the QuestDB configuration side.
Deploying the Infrastructure with Docker
To achieve a functional observability stack, the deployment of both QuestDB and Grafana must be orchestrated with specific network and port configurations. Using Docker allows for a reproducible and isolated environment, which is essential for managing the complex interactions between database ports and web interfaces.
QuestDB Container Configuration
The QuestDB instance requires a specific set of exposed ports to facilitate different types of communication, including the PostgreSQL wire protocol, the REST API, and the web-based management interface. When deploying via Docker, it is necessary to map these ports to the host machine to ensure external connectivity.
A typical robust deployment command for the QuestDB container is as follows:
docker
docker run --add-host=host.docker.internal:host-gateway \
-p 9000:9000 -p 9009:9009 -p 8812:8812 -p 9003:9003 \
-v "$(pwd):/var/lib/questdb" \
-e QDB_PG_READONLY_USER_ENABLED=true \
questdb/questdb:latest
In this configuration, the following port mappings are active:
- Port 8812: This is the primary entry point for the PostgreSQL wire protocol, which the Grafana plugin utilizes to execute SQL queries.
- Port 9000: This serves the web and REST interface, which is essential for administrative tasks and data ingestion.
- Port 9009: This is used for the web-based management console.
- Port 9003: This provides access to additional RESTful services.
The inclusion of the -e QDB_PG_READONLY_USER_ENABLED=true environment variable is a critical security measure. By enabling this, the administrator can enforce a security model where the Grafana user is restricted to read-only operations, preventing accidental or malicious data destruction.
Grafana Container Configuration
The Grafana container must be configured to communicate with the QuestDB container, often requiring a shared Docker network or the use of the host.docker.internal gateway to resolve the database's location.
For a standalone Grafana deployment, the following command can be used:
docker
docker run --rm -dit -p 3000:3000 \
--network=tutorial --name=grafana grafana/grafana
Alternatively, to ensure persistence of dashboards and data sources across container restarts, a volume-mounted deployment is preferred:
docker
docker run --add-host=host.docker.internal:host-gateway \
-p 3000:3000 --name=grafana \
-v grafana-storage:/var/lib/grafana \
grafana/grafana-oss
In the above command, the -v grafana-storage:/var/lib/grafana flag ensures that all configurations, including the newly installed QuestDB plugin and established data sources, are preserved within a Docker volume.
Data Ingestion and Dataset Preparation
Before visualization can occur, the QuestDB instance must be populated with data. This is often achieved via the REST API using curl commands to import CSV files. This process involves defining the timestamp column and the partitioning strategy (e.g., by Day, Week, or Month) to optimize time-series performance.
To prepare a demonstration environment, one can download pre-configured datasets and import them as follows:
bash
curl https://s3-eu-west-1.amazonaws.com/questdb.io/datasets/grafana_tutorial_dataset.tar.gz > grafana_data.tar.gz
tar -xvf grafana_data.tar.gz
Once the files weather.csv and taxi_trips_feb_2018.csv are extracted, they can be imported into QuestDB tables using the /imp REST endpoint:
Importing taxi trip data with a weekly partition:
bash curl -F data=@taxi_trips_feb_2018.csv "http://localhost:9000/imp?timestamp=pickup_datetime&name=taxi_trips_feb_2018&partitionBy=Week"Importing weather data with a monthly partition:
bash curl -F [email protected] "http://localhost:9000/imp?timestamp=timestamp&name=weather&partitionBy=Month"
The partitionBy parameter is a fundamental component of QuestDB's performance architecture. By partitioning data into temporal buckets, the engine can significantly accelerate queries that filter by specific time ranges, as it only needs to scan the relevant partitions.
Security and User Permissions Management
A major risk in the QuestDB-Grafana integration is the "destructive query" vulnerability. Because the Grafana plugin executes standard SQL, a user with write access could execute commands like DROP TABLE or UPDATE. To mitigate this, a strict read-only user must be configured within QuestDB.
Configuring Read-Only Users in Open Source Edition
In the Open Source version of QuestDB, the read-only user is managed via the server.conf file. The administrator must explicitly enable the read-rypt-only user feature and define the credentials.
The following properties must be set in server.conf:
pg.readonly.user.enabled=truepg.readonly.user=myuserpg.readonly.password=secret
After modifying these properties, the QuestDB instance must be restarted to apply the changes. This setup ensures that any connection using the myuser credentials is restricted from performing any non-SELECT operations.
Configuring Read-Only Users in Enterprise Edition
For users running QuestDB Enterprise, the process utilizes standard SQL-based user management, allowing for more granular control over specific tables and columns.
The following SQL commands should be executed:
sql
CREATE USER grafana_readonly;
GRANT SELECT ON table1 TO grafana_readonly;
By granting SELECT permissions only, the administrator creates a secure environment where the Grafana data source can query critical datasets without the risk of altering the underlying telemetry.
Configuring the QuestDB Data Source in Grafana
Once the infrastructure is running and the plugin is installed, the final step is the manual configuration of the data source within the Grafana web interface.
Plugin Installation
To install the plugin, navigate to the "Connections" or "Data Sources" section in Grafana. If the plugin is not present, search for "QuestDB" in the plugin browser and click "Install". In a Docker-based automated environment, you can automate this via the GF_INSTALL_PLUGINS environment variable:
docker
docker run -p 3000:3000 -e GF_INSTALL_PLUGINS=questdb-questdb-datasource grafana/grafana-oss
Data Source Connection Settings
After installation, click on "Add data source" and select "PostgreSQL" (or the specific QuestDB option if available in your version). The following configuration parameters are required:
| Field | Value | Description |
| :--- | :--- | :--- Ralph |
| Name | QuestDB | The identifier for the data source in Grafana |
| Host | questdb:8812 or host.docker.internal:8812 | The network address of the QuestDB instance |
| Database | qdb | The specific database name to connect to |
| User | user | The configured username (ideally the read-only user) |
| Password | quest | The password associated with the user |
| TLS/SSL Mode | disable | Set to disable for local testing; require for Enterprise TLS |
After entering these details, clicking "Save & Test" is mandatory. A successful connection will trigger a notification within the UI, confirming that the plugin can successfully communicate with the QuestDB engine.
Advanced Provisioning via YAML
For DevOps-centric workflows, manually configuring data sources is inefficient. Grafana's provisioning system allows for the definition of data sources via YAML files, which can be mounted into the Grafana container during startup.
An example provisioning file for the QuestDB data source is provided below:
yaml
apiVersion: 1
datasources:
- name: QuestDB
type: questdb-quest01-datasource
jsonData:
server: localhost
port: 8812
username: admin
tlsMode: disable
maxOpenConnections: 100
maxIdleConnections: 100
maxConnectionLifetime: 14400
secureJsonData:
password: quest
This configuration allows for "Infrastructure as Code" (IaC) management of the observability stack, ensuring that every deployment of the monitoring environment is identical and reproducible.
Visualizing Time-Series Data
The ultimate goal of this integration is the creation of panels and dashboards. Within Grafana, a "Panel" represents a single visualization (such as a time-series graph, a heat map, or a table), while a "Dashboard" is a collection of these panels.
Using the Query Builder and SQL Editor
The QuestDB plugin provides two distinct methods for retrieving data:
- The Query Builder: A visual interface for users who prefer to select tables and columns through a GUI without writing raw SQL.
- This is ideal for "Noob" users or for quick exploration of dataset structures.
- The SQL Editor: A full-text editor for writing complex, multi-line SQL statements.
- This is essential for advanced users performing complex joins, window functions, or temporal aggregations.
When building a visualization, the user selects the QuestDB data source and enters a query such as:
sql
SELECT timestamp, temperature FROM weather;
The results are then mapped to the graphing area at the top of the panel. The ability to switch between the Query Builder and the SQL Editor allows for a hybrid workflow, where simple metrics are quickly added, while complex analytical queries are meticulously crafted.
Analysis of Monitoring Orchestration
The integration of QuestDB and Grafana represents more than just a pairing of two software tools; it is a deliberate architectural decision to prioritize high-frequency data ingestion and low-latency visualization. The critical takeaway from this configuration is the tension between accessibility and security. While the plugin simplifies the connection process, the inherent power of the SQL engine introduces a significant risk profile.
The effectiveness of this stack is heavily dependent on the "Security by Design" principle. As analyzed, the reliance on the QDB_PG_READONLY_USER_ENABLED environment variable and the manual configuration of server.conf highlights that the database layer must remain the primary arbiter of truth and security. A failure to implement the read-only user configuration transforms a powerful monitoring tool into a potential vector for data loss.
Furthermore, the transition from manual Docker commands to automated provisioning (via YAML and GF_INSTALL_PLUGINS) marks the evolution from simple experimentation to production-grade observability. For the modern DevOps engineer, the ability to treat the monitoring stack as disposable, reproducible infrastructure is the most significant advantage of this integration. As IoT and edge computing continue to expand the volume of temporal data, the scalability of the QuestDB-Grafana architecture—driven by efficient partitioning and optimized SQL execution—will remain a cornerstone of industrial and enterprise monitoring strategies.