This agent automatically monitors your warehouse for expensive queries, detects cost anomalies, and alerts your team before your bill explodes. It identifies runaway queries, inefficient patterns like full table scans or Cartesian joins, and sends detailed alerts with optimization recommendations.Documentation Index
Fetch the complete documentation index at: https://docs.buster.so/llms.txt
Use this file to discover all available pages before exploring further.
Simple Example
name: cost_monitor
description: Alert on expensive queries
prompt: |
Find yesterday's most expensive queries:
SELECT
query_text,
total_elapsed_time/1000 as seconds,
bytes_scanned/1e12 as TB_scanned
FROM snowflake.account_usage.query_history
WHERE start_time >= DATEADD('day', -1, CURRENT_DATE())
ORDER BY bytes_scanned DESC
LIMIT 10
Send Slack report to #data-costs with top 10.
triggers:
- event: scheduled
cron: "0 9 * * *" # Daily at 9 AM UTC
tools:
include:
- slack_tool
Production Example
Anomaly detection and real-time monitoring:name: warehouse_cost_monitor
description: Monitor and prevent warehouse cost explosions
prompt: |
Monitor warehouse costs and detect anomalies.
## 1. Get recent query costs
Run this query to get recent expensive queries:
SELECT
query_id,
query_text,
user_name,
warehouse_name,
start_time,
total_elapsed_time/1000 as seconds,
bytes_scanned/1e12 as tb_scanned,
credits_used_cloud_services,
(credits_used_cloud_services * 2) as estimated_cost_usd
FROM snowflake.account_usage.query_history
WHERE start_time >= DATEADD('hour', -1, CURRENT_TIMESTAMP())
ORDER BY estimated_cost_usd DESC
LIMIT 100
## 2. Identify expensive queries
For each query, classify:
**CRITICAL** (> $50):
- Single query cost > $50
- Immediate action needed
**WARNING** (> $10):
- Single query cost > $10
- Should optimize
**INEFFICIENT** (large scans):
- Scanned > 1 TB
- Might have optimization opportunities
## 3. Detect patterns
Look for:
a) **Runaway queries**:
- Same query running repeatedly
- Check: GROUP BY query_text, COUNT(*)
- If > 100 times/hour: Likely broken
b) **Full table scans**:
- No WHERE clause on large tables
- Pattern: SELECT * FROM large_table
c) **Cartesian joins**:
- JOIN without ON condition
- Result: Massive row explosion
d) **Dashboards gone wild**:
- User queries > 500 times/hour
- Likely auto-refresh set too aggressive
## 4. Alert based on severity
For CRITICAL issues, send Slack to #data-incidents:
"🚨 EXPENSIVE QUERY ALERT
Cost: $[cost] ([credits] credits)
User: [user]
Warehouse: [warehouse]
Duration: [seconds]s
Data scanned: [tb_scanned] TB
Query (truncated):
[query_text, first 500 chars]
Action required:
1. Check if query is necessary
2. Consider killing: CALL SYSTEM$CANCEL_QUERY('[query_id]')
3. Optimize query (add filters, use materialized views)
4. Contact user: [user]"
For WARNING issues:
Send to #data-costs with optimization suggestions.
## 5. Daily cost report (9 AM trigger)
Calculate yesterday's totals and send to #data-costs:
"📊 Daily Cost Report - [date]
💰 Total cost: $[total_cost] ([total_credits] credits)
📈 Usage: [total_queries] queries, [total_tb_scanned] TB scanned
🔥 Top 5 expensive queries:
1. $[cost] - [user] - [truncated_query]
...
🚀 Top users by cost:
- [user]: $[cost]
...
💡 Optimization opportunities:
- [count] queries doing full table scans
- [count] queries without LIMIT clauses"
triggers:
# Daily report
- event: scheduled
cron: "0 9 * * *"
# Real-time monitoring (every 15 min during business hours)
- event: scheduled
cron: "*/15 9-17 * * 1-5"
tools:
include:
- slack_tool