Making Snowflake Observability Easy

By Kyle ChamplinAugust 13, 2024

We’ve posted a few times on this blog about why Observe chose to build on Snowflake, and how we take advantage of Snowflake’s modern architecture to deliver value to our customers. We also got some bragging rights this year at Summit, winning the first ever Observability Partner Award. Our lived experience with Snowflake left us feeling that we could help more customers who are also moving business critical workloads onto Snowflake. When we went out and interviewed organizations that are on a similar trajectory as us with respect to Snowflake Observability, we realized that there was an opportunity to provide a turn-key, Snowflake-native solution, to help collect and make sense of all the beautiful telemetry that is landing in Snowflake Trail. We are excited to announce the public preview of Observe For Snowflake (O4S)(note, you must be logged in to your Snowflake account to view the listing).

There were two primary goals for our team as we went about building O4S. The first, was to help customers take advantage of all the new Snowflake Trail features that were announced at Summit. Having a single place to collect logs, metrics, and traces from Snowpark helps teams building on Snowflake provide better experiences to their customers. The second goal was to make collection of the ACCOUNT_USAGE views extremely simple for Snowflake admins to say “yes” to, so that their operations teams can get the rich data needed to answer questions around security, performance, and availability. Once we knew the sources of data we needed, we worked with customers to model their use cases and Snowflake Observability practices across three major milestones:

  • Basic Monitoring: “Something is wrong”
  • Platform Observability: “What is wrong with my Snowflake workload and why”
  • App Observability: “What is wrong with my application, why, and who is impacted”

With each of these milestones we are really dealing with different data and frankly, different parts of the Snowflake platform. Some folks are very early in their journey of adopting capabilities like SPCS, and that’s OK. We built the app in such a way that as you adopt more Snowflake services, we can easily capture that data and make it instantly ready to explore in Observe. That said, we’re pretty pleased with how the event table data in particular lent itself to Observe’s flagship explorers. Here’s two screenshots of our Trace Explorer, our main summary view and then drilling-down into a specific trace – note we can link directly to the associated logs directly from the trace!

We have also packaged a few dashboards, and an early hit with our private preview customers is the “Snowflake Login Statistics” dashboard. This help teams better understand the security posture of their Snowflake accounts; who’s logging in, who doesn’t has MFA enabled(!), where are they logging in from, and what stack are they using to interact with Snowflake (Python driver, Snowsight, SnowSQL CLI, etc).

The security related content was so popular, in fact, that my colleague Daniel went fairly deep on this subject during our launch webinar. I highly recommend checking it out, but to give a little bit away, we were able to easily correlate logins with unusual activity such as copying a large amount of data to an external stage! Using our powerful data linking feature, we can stitch evidence together easily across Login, Session, and Query History.

The team has been incredibly energized working on this offering for our customers, and we highly encourage you to check it out. As of this blog post it should be directly available on the Snowflake marketplace, simply search for Observe. The app is free, and if you’re new to Observe, please sign up for a free trial at https://account.observeinc.com.