DATA OPS

Live DDL Audit to PagerDuty for Breaking Snowflake Changes

Reads the Snowflake ACCESS_HISTORY/QUERY_HISTORY DDL stream every few minutes, isolates ALTER and DROP statements on production tables.

CategoryData Ops

Enginesim

Difficultyadvanced

Triggerschedule

Steps5

Setup~25 min

How it runs

The automated pipeline, trigger to output.

TriggerSchedule fires (every 5 min)
ActionQuery QUERY_HISTORY for DDL since watermarkSnowflake
LogicFilter to destructive DDL on production databases
ActionWrite full audit record to AxiomAxiom
OutputOpen PagerDuty incident for out-of-window changesPagerDuty

What it does

Turns Snowflake's own query history into a real-time DDL audit. It scans recently executed statements, keeps only `ALTER TABLE ... DROP/MODIFY COLUMN` and `DROP TABLE` against production databases, and escalates destructive operations to on-call so the data platform is treated like production infrastructure.

When to use it

When anyone with warehouse access can run DDL and you need an immediate, paged response to a destructive change — not a daily report. Best for regulated or high-blast-radius warehouses where an unplanned column drop is an incident, not a ticket.

How it works

1A schedule fires every few minutes.
2Query `QUERY_HISTORY` in Snowflake for DDL statements since the last watermark.
3Logic step filters to destructive operations (DROP/MODIFY column, DROP table) on the production database list.
4For each match, ship the full statement, actor, and timestamp to Axiom for the permanent audit trail.
5If any destructive change was run outside an approved change window, open a PagerDuty incident with the actor and object named.

Set it up

What you configure once, before turning it on.

1
Connect SnowflakeWarehouses, queries, shares.
2
Connect AxiomLog streams, queries, dashboards.
3
Connect PagerDutyIncidents, on-call, escalations.
4
Set each agent's modelWe leave models unset so you pick the tier — fast + cheap, or top-quality.
5
Tune it to your dataEdit the prompts, filters, and field mappings so it matches how your team works.
6
Test, then turn it onRun once against a sample, confirm the output, then enable the trigger.

More Data Ops workflows

Weekly BigQuery Cost Trend Sheet and Exec Digest

Compiles week-over-week BigQuery scheduled-query cost by owner and dataset into a Google Sheet with trend columns.

Daily BigQuery Scheduled-Query Cost Attribution to Owners

Each morning, totals the prior day's on-demand bytes-billed per scheduled query, maps each query to its owner from a label, and posts a per-owner cost leaderboard to Slack.

BigQuery Per-Team Budget Breach Alert to PagerDuty

Tracks month-to-date BigQuery scheduled-query spend per team and, when a team crosses its monthly budget, pages the team's on-call in PagerDuty and snapshots the spend breakdown…

dbt source freshness watcher with severity-routed alerts

Checks Snowflake loaded-at timestamps against each dbt source's freshness SLA, then routes warnings to Slack and hard breaches to a PagerDuty incident so stale data never…

dbt orphan model detector with Linear cleanup tickets

Scans your dbt manifest for models that no other model, exposure, or BI tool consumes.

Raw Sensor Telemetry Archive to BigQuery

Captures every incoming building sensor reading via webhook, normalizes the payload into a consistent schema.

Browse all Data Ops →

Run it inside a business

This workflow drops into a full company template. Import the org, and this is one of the playbooks its agents run.

Finance

Research & Trading Desk

Governance-first research, execution, and risk — every trade on the audit trail.

Operations

Internal Operations

Runbooks, on-call, vendor management — disciplined and audited.

Software

Agent Hive runs Agent Hive

The team that built Agent Hive, exactly as it runs today.

Browse all business templates →Solutions by industry →

Run this workflow in your colony.

14-day trial. No DevOps. No Sales call. Provisioned in under a minute.

Join the Waitlist Browse all workflows →