Schemas:: ACCOUNT_USAGE , READER_ACCOUNT_USAGE

LOGIN_HISTORY view¶

This Account Usage view can be used to query login attempts by Snowflake users within the last 365 days (1 year).

Details about the error codes/messages for login attempts that were unsuccessful can be found in the following documentation:

Columns¶

Column Name	Data Type	Description
READER_ACCOUNT_NAME	VARCHAR	Name of the reader account for the user authentication event. This column is only included in the view in the READER_ACCOUNT_USAGE schema.
EVENT_ID	NUMBER	Internal/system-generated identifier for the login attempt.
EVENT_TIMESTAMP	TIMESTAMP_LTZ	Time (in the UTC time zone) of the event occurrence.
EVENT_TYPE	VARCHAR	Event type, such as LOGIN for authentication events.
USER_NAME	VARCHAR	User associated with this event.
CLIENT_IP	VARCHAR	IP address where the request originated.
REPORTED_CLIENT_TYPE	VARCHAR	Reported type of the client software, such as JDBC_DRIVER, ODBC_DRIVER, and so on. This information is not authenticated.
REPORTED_CLIENT_VERSION	VARCHAR	Reported version of the client software. This information is not authenticated.
FIRST_AUTHENTICATION_FACTOR	VARCHAR	Method used to authenticate the user (the first factor in multi factor authentication, if used).
SECOND_AUTHENTICATION_FACTOR	VARCHAR	The second factor in multi factor authentication. If the user did not use multi-factor authentication, this value is NULL.
IS_SUCCESS	VARCHAR	Whether the user’s request was successful or not.
ERROR_CODE	NUMBER	Error code, if the request was not successful.
ERROR_MESSAGE	VARCHAR	Error message returned to the user, if the request was not successful.
RELATED_EVENT_ID	NUMBER	Reserved for future use.
CONNECTION	VARCHAR	Name of the connection used by the client, or NULL if the client is not using a connection URL. A connection is a Snowflake object that is part of Client Redirect. It represents a connection URL that you can use to fail over to another account for business continuity and disaster recovery. . , NOTE: If a client authenticates through an identity provider (IdP) that is configured with the account URL rather than the connection URL, the IdP directs the client to the account URL after authentication is complete. The CONNECTION column for this login event is NULL. See Authentication and Client Redirect.
CLIENT_PRIVATE_LINK_ID	VARCHAR	If the user logged in using private connectivity, specifies the identifier of the endpoint from which the request originated.
FIRST_AUTHENTICATION_FACTOR_ID	VARCHAR	ID of the credential used to authenticate the user (the first factor in multi-factor authentication, if used).
SECOND_AUTHENTICATION_FACTOR_ID	VARCHAR	ID of the credential used for the second factor in multi-factor authentication. If the user did not use multi-factor authentication, this value is NULL.

Usage notes¶

Latency for the view may be up to 120 minutes (2 hours).

INTERNAL_SNOWFLAKE_IP/0.0.0.0 appears as the client IP for login events triggered by internal Snowflake operations that support your usage. For example:
- Because worksheets exist as unique sessions, when a user accesses a worksheet in Snowsight, Snowflake creates a login event that originates from INTERNAL_SNOWFLAKE_IP/0.0.0.0.
- When a Snowpark Container Services service logs into Snowflake, the client IP is masked to INTERNAL_SNOWFLAKE_IP/0.0.0.0.
This view does not record the activity of internal users the system defines to perform various operations (e.g. maintain Snowsight worksheets).