https://community.splunk.com/t5/Splunk-Cloud-Platform/Splunk-DB-Connect-to-Snowflake-Data-missing/m-p/760789#M4227 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/170906">@livehybrid</a>&nbsp;We have cloud instance, so no changes can be made there. With regards to snowflake we are not observing any errors.<BR />This is happening only when we 'Upsert'. Tested without 'Upsert' no issues of dropping so far. We have XS warehouse and it is pretty fast. Only issue is we need to right a script to remove duplicates in snowflake.&nbsp;</P> Fri, 08 May 2026 02:51:42 GMT veereshdandur 2026-05-08T02:51:42Z https://community.splunk.com/t5/Splunk-Cloud-Platform/Splunk-DB-Connect-to-Snowflake-Data-missing/m-p/760718#M4224 <P>Hi Everyone,<BR /><BR />I am sending data to snowflake. I send data every 15 mins. In DB Connect output search I make sure I add extra 5 mins for additional data if there is a data loss. During peak hours, when data is more than 2000 rows, I see data missing in snowflake. I do upsert to dedup the duplicates as our TransactionId is unique. Our query generates time in the format:<SPAN>05/06/2026 12:01:57.786 AM EDT but I convert it to&nbsp;2026-05-06 00:01:57.786 -0400 to accommodate snowflake time requirement. Here is the transformation I use to accommodate it:<BR />&nbsp;</SPAN></P><P>| eval DateTime_ET_clean = DateTime_ET<BR />| eval DateTime_ET_clean = replace(DateTime_ET_clean, " EDT$", " -04:00")<BR />| eval DateTime_ET_clean = replace(DateTime_ET_clean, " EST$", " -05:00")</P><P>| eval DateTime_ET_epoch = strptime(DateTime_ET_clean, "%m/%d/%Y %I:%M:%S.%3N %p %z")</P><P>| eval DateTime_ET_SF = strftime(DateTime_ET_epoch, "%Y-%m-%d %H:%M:%S.%3N %z")<BR /><BR />After all these, I still see 20-30% data loss. We are not sure how to make sure all the data is propagated. Out snowflake warehouse is XS in size.</P> Wed, 06 May 2026 05:21:21 GMT https://community.splunk.com/t5/Splunk-Cloud-Platform/Splunk-DB-Connect-to-Snowflake-Data-missing/m-p/760718#M4224 veereshdandur 2026-05-06T05:21:21Z https://community.splunk.com/t5/Splunk-Cloud-Platform/Splunk-DB-Connect-to-Snowflake-Data-missing/m-p/760730#M4225 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/316979">@veereshdandur</a>&nbsp;</P><P>Are you able to increase the size of your Snowflake deployment to rule this out? It sounds like perhaps Snowflake isnt processing the events being sent? Are there any logs in either the Snowflake environment or in _internal in Splunk which suggest any errors sending the data?</P><P><span class="lia-unicode-emoji" title=":glowing_star:">🌟</span><SPAN>&nbsp;</SPAN><STRONG>Did this answer help you?</STRONG><SPAN>&nbsp;</SPAN>If so, please consider:</P><UL><LI>Adding karma to show it was useful</LI><LI>Marking it as the solution if it resolved your issue</LI><LI>Commenting if you need any clarification</LI></UL><P>Your feedback encourages the volunteers in this community to continue contributing</P> Wed, 06 May 2026 09:52:16 GMT https://community.splunk.com/t5/Splunk-Cloud-Platform/Splunk-DB-Connect-to-Snowflake-Data-missing/m-p/760730#M4225 livehybrid 2026-05-06T09:52:16Z https://community.splunk.com/t5/Splunk-Cloud-Platform/Splunk-DB-Connect-to-Snowflake-Data-missing/m-p/760789#M4227 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/170906">@livehybrid</a>&nbsp;We have cloud instance, so no changes can be made there. With regards to snowflake we are not observing any errors.<BR />This is happening only when we 'Upsert'. Tested without 'Upsert' no issues of dropping so far. We have XS warehouse and it is pretty fast. Only issue is we need to right a script to remove duplicates in snowflake.&nbsp;</P> Fri, 08 May 2026 02:51:42 GMT https://community.splunk.com/t5/Splunk-Cloud-Platform/Splunk-DB-Connect-to-Snowflake-Data-missing/m-p/760789#M4227 veereshdandur 2026-05-08T02:51:42Z