Skip to main content

Tables for sql queries

The sql`…` command is part of the Server SDK: it reads data straight from the Qubix database and is available in scripts, Britva auto-rules, and site handlers. This is a reference for which tables and columns you can reach, and by what rules.

How access works

  • Read-only. Only queries that start with SELECT, WITH, SHOW, DESCRIBE, or EXPLAIN are allowed. Any data changes (INSERT, UPDATE, DELETE) and reaching out to external sources from inside the query are blocked.
  • Safe parameters. Values passed through ${…} always go as query parameters, not spliced into the text. You do not escape anything by hand, and query substitution is impossible.
  • You see only your own data. The query runs within your role's permissions: you get exactly the rows you are allowed to see in reports. Other people's data is not reachable.
  • A size limit. A single query returns at most a few thousand rows (the administrator sets the exact cap). For large selections, aggregate right in the query — count(), sum(), GROUP BY.

The table name is written without a database prefix — just qubix_events.

qubix_events — the event stream

The main table: one row per visitor event and per conversion action. Through it you can see everything that happens to the traffic — from the first visit to the deposit and to push delivery.

Event and identity

ColumnWhat it is
eventThe event type (values in the table below)
event_timeThe event time
piuidThe visitor id (persistent across visits)
pwa_idThe PWA the event belongs to
domainThe domain the event happened on
urlThe page address

Geo and device

ColumnWhat it is
geo, countryThe visitor's country (by GeoIP)
cityThe city
languageThe browser language
uaThe User-Agent
ipThe IP address
deviceDevice data (JSON)

Tracking and attribution

ColumnWhat it is
click_idThe tracker click id
campaign_idThe tracker campaign
ad_idThe ad
sub_id_1sub_id_16Custom tracker tags
fbc, fbp, fbclidFacebook attribution parameters
gclid, ttclidGoogle / TikTok attribution
source_clidThe original click id
pixelThe pixel id
paramsAll address parameters (a "key → value" map)

Offer

ColumnWhat it is
offer_idThe offer
offer_urlThe offer link

Push

ColumnWhat it is
push_campaign_idThe push campaign
subscription_idThe visitor's push subscription
message_idThe sent message id
push_title, push_bodyThe push text

Conversion

ColumnWhat it is
statusThe conversion status
revenueThe revenue for the event
currencyThe currency
response_codeThe response code (for server-side events)
error_messageThe error text, if any
external_idAn external identifier
extraExtra event data (JSON)

event values

The main event types you'll see in the stream:

GroupValues
Visits and viewscampaign_visit, render, white_page
PWA installinstall_accepted, install_rejected, install_blocked, installed, launch_pwa, install_fallback_redirect
Pushpush_prompt_shown, push_allow, push_deny, push_ignored, push_subscribe, push_sent, push_shown, push_click, push_dismiss, push_expired
Conversionsreg (registration), dep (deposit)

The subscribe and install event values match the Browser SDK events — what window.sdk sends from the browser lands right here.

Example

How many visitors from each country allowed push in the last day:

JavaScript
const rows = sql`
SELECT geo, count() AS allowed
FROM qubix_events
WHERE event = 'push_allow'
AND event_time >= now() - INTERVAL 1 DAY
GROUP BY geo
ORDER BY allowed DESC`
for (const row of rows) console.log(row.geo, row.allowed)

Other tables

TableWhat's inside
pwa_appsPWA app settings: pwa_id, name, status, country, category, rating, downloads, push_placement, and other constructor fields
push_subscriptionsPush subscriptions: subscription_id, pwa_id, geo_country, active, subscribed_at
push_campaignsPush campaigns: push_campaign_id, name, status, target_geo

Ready-made report metrics (spend, revenue, ROAS, per-ad conversions) are easier to take not from the raw stream but from the ad object's fields — the full list is in Metrics and columns.

Caution

Service secrets are not reachable from queries — for example, the private keys for push cannot be read. A query always works read-only and only within your role's permissions.

What's next