to_snowflake
Sends events to a Snowflake database.
to_snowflake account_identifier=string, user_name=string, password=string, snowflake_database=string, snowflake_schema=string, table=string, [ingest_mode=string]
Description
The to_snowflake operator makes it possible to send events to a Snowflake database. It uploads the events via bulk-ingestion under the hood and then copies them into the target table.
The operator supports nested types as Snowflake semi-structured types. Alternatively, you can use the flatten function beforehand.
account_identifier = string
The Snowflake account identifier to use.
user_name = string
The Snowflake user name. The user must have the CREATE STAGE privilege on the given schema.
password = string
The password for the user.
database = string
The Snowflake database to write to. The user must be allowed to access it.
schema = string
The Snowflake schema to use. The user must be allowed to access it.
table = string
The name of the table that should be used/created. The user must have the required permissions to create/write to it.
Table columns that are not in the event will be null, while event fields that are not in the table will be dropped. Type mismatches between the table and events are a hard error.
ingest_mode = string (optional)
You can set the ingest mode to one of three options:
"create_append": Creates the table if it does not exist, otherwise appends to it.
"create": Creates the table, causing an error if it already exists.
"append": Appends to the table, causing an error if it does not exist.
If the operator creates the table, it uses the first event to infer the columns.
Defaults to "create_append".
Examples
Send an event to a Snowflake table
Upload suricata.alert events to a table TENZIR in MY_DB@SURICATA_ALERT:
export
where @name == "suricata.alert"
to_snowflake \
  account_identifier="asldyuf-xgb47555",
  user_name="tenzir_user",
  password="password1234",
  database="MY_DB",
  schema="SURICATA_ALERT",
  table="TENZIR"
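The privileges named in the parameter descriptions above, written out as a least-privilege Snowflake role for the user in the example. This is an added example, not part of the original documentation; the role name TENZIR_INGEST and the warehouse INGEST_WH are hypothetical, and the warehouse and INSERT grants are assumptions about what the copy step needs beyond what this page states.

```sql
-- Added example: a dedicated role for the account that to_snowflake logs in with.
-- MY_DB, SURICATA_ALERT, TENZIR and tenzir_user come from the example above.
-- TENZIR_INGEST and INGEST_WH are hypothetical names. The user is assumed to exist.

CREATE ROLE IF NOT EXISTS TENZIR_INGEST;

-- The user must be allowed to access the database and the schema.
GRANT USAGE ON DATABASE MY_DB TO ROLE TENZIR_INGEST;
GRANT USAGE ON SCHEMA MY_DB.SURICATA_ALERT TO ROLE TENZIR_INGEST;

-- Stated on this page: CREATE STAGE on the schema, used for the bulk upload.
GRANT CREATE STAGE ON SCHEMA MY_DB.SURICATA_ALERT TO ROLE TENZIR_INGEST;

-- Only for ingest_mode "create" or "create_append" when the table may not
-- exist yet. A table created this way is owned by TENZIR_INGEST.
GRANT CREATE TABLE ON SCHEMA MY_DB.SURICATA_ALERT TO ROLE TENZIR_INGEST;

-- Only for ingest_mode "append" into a table owned by another role: grant
-- write access to that single table and omit CREATE TABLE above.
-- This statement fails if the table does not exist yet.
GRANT INSERT ON TABLE MY_DB.SURICATA_ALERT.TENZIR TO ROLE TENZIR_INGEST;

-- Assumption: the copy into the target table runs on a warehouse that the
-- role is allowed to use.
GRANT USAGE ON WAREHOUSE INGEST_WH TO ROLE TENZIR_INGEST;

-- Bind the role to the ingest user and make it the session default, so the
-- pipeline never runs with a broader role.
GRANT ROLE TENZIR_INGEST TO USER tenzir_user;
ALTER USER tenzir_user SET DEFAULT_ROLE = TENZIR_INGEST;
ALTER USER tenzir_user SET DEFAULT_WAREHOUSE = INGEST_WH;

-- Review what the role can actually do before handing out the credentials.
SHOW GRANTS TO ROLE TENZIR_INGEST;
SHOW GRANTS TO USER tenzir_user;
```

With no SELECT, UPDATE or DELETE on the table, a leaked pipeline password allows appending rows but not reading or altering existing alerts owned by another role.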