Schemas:: ACCOUNT_USAGE , READER_ACCOUNT_USAGE

LOGIN_HISTORY view¶

This Account Usage view can be used to query login attempts by Snowflake users within the last 365 days (1 year).

Details about the error codes/messages for login attempts that were unsuccessful can be found in the following documentation:

Columns¶

Column Name	Data Type	Description
READER_ACCOUNT_NAME	TEXT	Name of the reader account for the user authentication event. Column only included in view in READER_ACCOUNT_USAGE schema.
EVENT_ID	NUMBER	Internal/system-generated identifier for the login attempt.
EVENT_TIMESTAMP	TIMESTAMP_LTZ	Time (in the UTC time zone) of the event occurrence.
EVENT_TYPE	TEXT	Event type, such as LOGIN for authentication events.
USER_NAME	TEXT	User associated with this event.
CLIENT_IP	TEXT	IP address where the request originated from.
REPORTED_CLIENT_TYPE	TEXT	Reported type of the client software, such as JDBC_DRIVER, ODBC_DRIVER, etc. This information is not authenticated.
REPORTED_CLIENT_VERSION	TEXT	Reported version of the client software. This information is not authenticated.
FIRST_AUTHENTICATION_FACTOR	TEXT	Method used to authenticate the user (the first factor, if using multi factor authentication).
SECOND_AUTHENTICATION_FACTOR	TEXT	The second factor, if using multi factor authentication, or NULL otherwise.
IS_SUCCESS	TEXT	Whether the user’s request was successful or not.
ERROR_CODE	NUMBER	Error code, if the request was not successful.
ERROR_MESSAGE	TEXT	Error message returned to the user, if the request was not successful.
RELATED_EVENT_ID	NUMBER	Reserved for future use.
CONNECTION	TEXT	Name of the connection used by the client, or NULL if the client is not using a connection URL. Connection is a Snowflake object that is part of Client Redirect. It represents a connection URL that can be failed over across accounts for business continuity and disaster recovery. . , NOTE: If a client authenticates through an identity provider (IdP) that is configured with the account URL rather than the connection URL, the IdP directs the client to the account URL after authentication is complete. The CONNECTION column for this login event is NULL. See Authentication and Client Redirect.
CLIENT_PRIVATE_LINK_ID	TEXT	If the user logged in using private connectivity, specifies the identifier of the endpoint from which the request originated.

Usage notes¶

Latency for the view may be up to 120 minutes (2 hours).

INTERNAL_SNOWFLAKE_IP/0.0.0.0 appears as the client IP for login events triggered by internal Snowflake operations that support your usage. For example:
- Because worksheets exist as unique sessions, when a user accesses a worksheet in Snowsight, Snowflake creates a login event that originates from INTERNAL_SNOWFLAKE_IP/0.0.0.0.
- When a Snowpark Container Services service logs into Snowflake, the client IP is masked to INTERNAL_SNOWFLAKE_IP/0.0.0.0.
This view does not record the activity of internal users the system defines to perform various operations (e.g. maintain Snowsight worksheets).