Elastic APM not capturing MySQL/ORM query parameters

We are using Elastic APM to monitor our stack, and we're onboarding new services that talks to MySQL servers. The app is typescript with typeorm.

It seems that the APM is capturing database transactions, but it is not exposing the actual query parameters; it shows a ? instead. For example, this is a query span that shows up. I redacted the actual query statement, but you get the idea.

While it gives us an idea of what is being ran, it doesn't help us in querying in some use cases where we think the parameters are giving us problems.

SELECT (redacted) WHERE (redacted) = ? AND (redacted) = ? AND (redacted) = ?

I did some browsing around on this and there seems to be some chatter around how this is obfuscated by design.... But we currently have a legacy app on PHP that we also use elastic to monitor via APM, and the query parameters are exposed... so I'd like to understand what the differences are.

Hi @Victor_Chan

Elastic's nodejs agent instruments the query method of mysql's package and uses the 1st parameter as input to create spans. As you can see in the documentation that 1st parameter can be:

• The raw SQL string
• SQL string with placeholders for escaping
  Ref: GitHub - mysqljs/mysql: A pure node.js JavaScript Client implementing the MySQL protocol.

I guess TypeORM is using the second option for security reasons and that's why you're seeing the character ? in the queries. Also notice that having the statement without values reduces cardinality on the statement field.

Are those query parameters coming from an external request like URL query params? Maybe you could look up to the parent HTTP transaction and inspect the full URL field to see what parameters came from it.

I'm not familiar with PHP but I guess the agent is instrumenting a function which gets the raw SQL string like PHP: mysqli::query - Manual

Regards,
David