A New Relic integration with Snowflake to monitor query performance, logins, potential security incidents, optimise warehouse and cloud credit costs, capture any data stored in Snowflake for real-time alerting and reporting.
Configuration is driven by the config.yaml in the root directory of the integration.
obfuscation : Takes two properties, enabled: true or false and key: the string you used as the key
when obfuscating using the New Relic CLI. Read the docs on how to use the obfuscation feature.
Credential values must be supplied for account (your Snowflake account identifier in the format <account_locator>.<region_id> or <account_locator>.<region_id>.<cloud> e.g. xy12345.us-east-2), user, password & role as plain-text strings,
unless obfuscation is enabled in which case supply the obfuscated string values for each property. privateKey must be supplied but can be kept as an empty string if useKeyPairAuth equals false, otherwise, user and password will be ignored and the private key used instead on connection handshake.
# optional
# authentication:
# obfuscation:
# key: key # the key you used to obfuscate using newrelic CLI
credentials: # required
useKeyPairAuth: false
account: replaceme
user: replaceme
password: replaceme
role: replaceme
warehouse: replaceme
privateKey: replaceme
In order to setup key pair authentication, two environment variables have to be included in your yml configuration file. useKeyPairAuth and privateKeyPath.
See the example below
credentials:
useKeyPairAuth: true
privateKeyPath: replaceme
account: replaceme
username: replaceme
role: replaceme
warehouse: replaceme
- Install the New Relic Infrastructure agent for your platform
- Clone the repository to your machine
git clone https://github.com/newrelic/newrelic-snowflake-integration.git - Download the relevant binary for your platform from
releasesand place it in the cloned repo from step 2. - Make sure the binary is executable
chmod +x snowflakeintegration-linux - Open
config.yamlfile and fill it appropriately - If running the New Relic infrastructure agent as a systemd service, follow these steps to set the environment variable
- To determine if you are on a system using
systemdas the init service, run[[ `\systemctl` =~ -\.mount ]] && echo yes || echo no
- To determine if you are on a system using
- Set the
NEWRELIC_SNOWFLAKE_HOMEenvironment variable as documented in the Setting NEWRELIC_SNOWFLAKE_HOME section. (Skip this step if you are running the New Relic infrastructure agent as a systemd service and followed the alternative steps for this). - Copy the relevant flex config for your platform from flexConfigs to the agent's
integrations.dfolder.- for Linux, it is found at
/etc/newrelic-infra/integrations.d/ - for Windows, it is found at
C:\Program Files\New Relic\newrelic-infra\integrations.d\.
- for Linux, it is found at
NEWRELIC_SNOWFLAKE_HOME- REQUIRED the directory where you installed this integration i.e./home/user/newrelic-snowflake-integrationNEWRELIC_SNOWFLAKE_CONFIG_PATH- OPTIONAL the fully qualified path to the config file i.e./home/user/config.yamlorC:\User\config.yaml
For example on Mac OS/Linux do export NEWRELIC_SNOWFLAKE_HOME=/home/myuser/newrelic-snowflake-integration
On Windows, set System Environment variables via the Control Panel or from an Administrator command prompt (setx /m NEWRELIC_SNOWFLAKE_HOME C:\newrelic-snowflake-integration\). If you are running on a Linux system that uses Systemd, see below.
The integration relies on NEWRELIC_SNOWFLAKE_HOME environment variable to connect to Snowflake. When the infrastructure agent runs as a systemd service, it doesn't have access to the environment variables of the user. To pass the environment variables correctly, you need to create a .env file.
- Copy the
snowflake.envfile to a location on your server. - Replace the values in
snowflake.env - Edit the
newrelic-infra.serviceservice definition -sudo nano /etc/systemd/system/newrelic-infra.service - Add a line
EnvironmentFile=/path/to/env/filein the[Service]section - Perform a daemon-reload and restart the newrelic-infra service -
sudo systemctl daemon-reload && sudo systemctl restart newrelic-infra
The newrelic-infra.service file should look similar to below
...
[Service]
RuntimeDirectory=newrelic-infra
Type=simple
EnvironmentFile=/home/ec2-user/snowflake.env
ExecStart=/usr/bin/newrelic-infra-service
MemoryLimit=1G
# MemoryMax is only supported in systemd > 230 and replaces MemoryLimit. Some cloud dists do not have that version
# MemoryMax=1G
Restart=always
RestartSec=20
StartLimitInterval=0
StartLimitBurst=5
PIDFile=/var/run/newrelic-infra/newrelic-infra.pid
...
This integration comes out of the box with queries to capture a good range of performance related data from the ACCOUNT_USAGE schema. If you want to extend the integration to run custom queries, see the instructions below
To add your own custom query, you need to follow a few steps
- When creating your query, use the existing query files for guidance. The
FROMclause needs to be fully qualified, for example you need to specify the Database, Schema and Table. For example,"DATABASE"."SCHEMA"."TABLE/VIEW" - Add your
custom-query.sqlquery file to the queries directory - Add a new section for the
flex-snowflake.ymlfile, like so
---
- name: snowflakeMyCustomQuery
event_type: SnowflakeAccount
custom_attributes:
metric_type: snowflake.my_custom_query
commands:
- run: SNOWSQL_ACCOUNT="$$SNOWSQL_ACCOUNT" SNOWSQL_USER="$$SNOWSQL_USER" SNOWSQL_PWD="$$SNOWSQL_PWD" SNOWSQL_ROLE="$$SNOWSQL_ROLE" $$NEWRELIC_SNOWFLAKE_HOME/snowflakeintegration-<platform> $$NEWRELIC_SNOWFLAKE_HOME/queries/custom_query.sql
If you're running into a problem, please raise an issue on this repository and we will try to help you ASAP. Please bear in mind this is an open source project and hence it isn't directly supported by New Relic.
We encourage your contributions to improve [project name]! Keep in mind that when you submit your pull request, you'll need to sign the CLA via the click-through using CLA-Assistant. You only have to sign the CLA one time per project.
If you have any questions, or to execute our corporate CLA (which is required if your contribution is on behalf of a company), drop us an email at [email protected].
A note about vulnerabilities
As noted in our security policy, New Relic is committed to the privacy and security of our customers and their data. We believe that providing coordinated disclosure by security researchers and engaging with the security community are important means to achieve our security goals.
If you believe you have found a security vulnerability in this project or any of New Relic's products or websites, we welcome and greatly appreciate you reporting it to New Relic through HackerOne.
If you would like to contribute to this project, review these guidelines.
To all contributors, we thank you! Without your contribution, this project would not be what it is today. We also host a community project page dedicated to Project Name.
New Relic Snowflake Integration is licensed under the Apache 2.0 License.