Hi All,
I have searched the community threads for posts similar to this, but none have quite addressed the issue I am seeing.
I have Splunk Cloud 9.1.2 and would like to retrieve logging from Snowflake.
Following this snowflake integration blog I have installed the Splunk DB Connect app (3.15.0) and the Splunk DXB Add-on for Snowflake JDBC (1.2.1). (using the self-service app install process on Victoria experience)
When creating the identity in Splunk (matching the user created in Snowflake) this works fine, however creating the connection fails to validate (after trying for approximately 4-5 minutes) and gives me the following non-descript error:
connection string:
jdbc:snowflake://<account>.<region>.snowflakecomputing.com/?user=SPLUNK_USER&db=SNOWFLAKE&role=SPLUNK_ROLE&application=SPLUNK
Output:
In the logs I can see slightly more:
2024-02-26 00:59:26.501 +0000 [dw-868 - GET /api/connections/SnowflakeUser/status] INFO com.splunk.dbx.connector.logger.AuditLogger - operation=validation connection_name=SnowflakeUser stanza_name= state=error sql='SELECT current_date()' message='JDBC driver: query has been canceled by user.'
This appears to hit some sort of timeout for the JDBC driver.
The other thing I can see is the stanza appears to be blank in this result. However the default Snowflake stanza in the DB connect app matches the stanza created in the Snowflake blogpost.
Any troubleshooting help would be much appreciated.
Another sign something is not right - when I construct the database query as described in the Snowflake Integration blog post the resulting SQL string is completely malformed.
SQL string from the integration post:
SQL string results when I select the same options:
I am able to construct the SQL string using the selection options, however each selection takes another 4-5min to load.
