Databricks Community

TejeshS · ‎01-10-2025

We need to implement an event-based trigger system that can detect any manual intervention performed by users. Upon detection of such an event, the system should automatically send a warning email. The events can be generated through DLT or other processes.

However, we are specifically avoiding SQL-based alerts at the workflow level because querying large datasets from system tables could be cost-prohibitive and result in performance degradation, especially for events that generate substantial data volumes.

An example of a query that is currently under consideration is:

select * from system.access.audit
where action_name like '%Group%' and user_identity.email != 'e9db3613-14b1-46b2-a6dc-593b139f32e9'
limit 50;

This query identifies user actions, but executing it on large datasets could lead to inefficiencies. Thus, a more efficient event-based approach is required.

Walter_C · ‎01-10-2025

Just to understand your request you are looking if there is another way to get users events outside the system tables that can make your workflow more efficient?

TejeshS · ‎01-20-2025

Yes, We need information to monitor the events as an incremental processed dataset, without running the query every time.

Walter_C · ‎01-20-2025

Unfortunately the system events are only tracked via the system table, only option to have more recent data will be to re execute the query each time is needed.

Databricks Community

Event based Alert based on certain events from System Audit tables

Photos

Join Us as a Local Community Builder!

Business Intelligence in the Era of AI

🚀 Monthly Databricks Get Started Days – Accelerate Your Learning Journey! 🚀

Databricks Community Champion - March 2025 - Takuya Omi

Intelligent Data Warehousing: AI/BI for Self-service Analytics

Get Started With Lakehouse Architecture | Pass a quiz to earn your certificate completion.