agent hive
Join the Waitlist

DATA OPS

Snapshot a BigQuery anomaly to a Google Doc investigation record

When a BigQuery metric anomaly fires, it snapshots the offending query results to BigQuery-backed CSV in cloud storage.

CategoryData Ops
Enginesim
Difficultyintermediate
Triggerwebhook
Steps5
Setup~15 min

How it runs

The automated pipeline, trigger to output.

  • TriggerAnomaly detector webhook firesHTTP webhook
  • ActionRe-run detection query and breakdown in BigQueryGoogle BigQueryBigQuery
  • ActionWrite timestamped result snapshot to cloud storageAWS S3
  • ActionCreate investigation doc in Google DriveGoogle DriveGoogle Drive
  • OutputPost snapshot and doc links to a Slack threadSlack

What it does

The moment an anomaly is detected, it freezes the evidence. It re-runs the detection query plus a dimension breakdown in BigQuery, writes the raw results to a timestamped file in cloud storage, and creates a structured investigation document in Google Drive containing the metric history, the snapshot link, and an empty findings template. It then drops the doc link into a Slack thread so the team investigates against a fixed record rather than live, shifting data.

When to use it

Use it when anomalies need a durable paper trail — postmortems, audits, or metrics that self-correct before anyone looks. Capturing the warehouse state at detection time means the investigation isn't undermined by data that already moved on.

How it works

  1. 1A webhook from your detector triggers with the metric and window.
  2. 2BigQuery re-runs the detection query and a dimension breakdown.
  3. 3Results are written to a timestamped file in cloud storage.
  4. 4A Google Drive investigation doc is created with history and a findings template.
  5. 5Slack posts a thread linking the frozen snapshot and the doc.

Set it up

What you configure once, before turning it on.

  1. 1
    Connect BigQueryDatasets, queries, schemas.
  2. 2
    Connect AWS S3Buckets, objects, signed URLs.
  3. 3
    Connect Google DriveDocs, sheets, slides, files.
  4. 4
    Connect SlackChannels, DMs, threads, mentions.
  5. 5
    Connect HTTP webhookTrigger any URL on agent actions.
  6. 6
    Set each agent's modelWe leave models unset so you pick the tier — fast + cheap, or top-quality.
  7. 7
    Tune it to your dataEdit the prompts, filters, and field mappings so it matches how your team works.
  8. 8
    Test, then turn it onRun once against a sample, confirm the output, then enable the trigger.

More Data Ops workflows

Snowflake column type-drift sentinel with Linear fix ticket

Snapshots the data types of every column in your tracked Snowflake schemas on a schedule, diffs against the last snapshot.

Daily BigQuery Scheduled-Query Cost Attribution to Owners

Each morning, totals the prior day's on-demand bytes-billed per scheduled query, maps each query to its owner from a label, and posts a per-owner cost leaderboard to Slack.

BigQuery dropped/renamed column sentinel with PagerDuty incident

Detects when a column is dropped or renamed in your governed BigQuery datasets and, because that breaks downstream queries hard, pages the on-call via PagerDuty and posts…

PR-time Snowflake schema contract check on dbt model changes

When a pull request changes a dbt model, it compares the model's declared output columns against the live Snowflake table it will replace and blocks the merge with a GitHub check…

Agent-triaged warehouse drift with impact analysis and runbook update

On a webhook from your warehouse audit log, an agent investigates the changed column, traces which downstream models and dashboards depend on it.

Cross-warehouse replication schema mismatch reconciler

Compares the column shape of mirrored tables between BigQuery and Snowflake and, when a replicated table has drifted out of sync between the two, opens an Asana task for the data…

Browse all Data Ops

Run this workflow in your colony.

14-day trial. No DevOps. No Sales call. Provisioned in under a minute.

Join the WaitlistBrowse all workflows