Count schema changes over time

TL;DR

Use this when you need to visualize or audit how often schema snapshots occur over time.

Problem / Use case

You want to track how many schema snapshots are being generated in the system over time to monitor configuration changes or detect unexpected schema churn.

Query

source system/engine.schema_fields
| groupby snapshotStartTime
    aggregate count() as snapshots
| sortby snapshotStartTime asc

This query groups schema field snapshots by their start time, counts how many were recorded per time period, and sorts them chronologically.

Expected output

snapshotStartTime	snapshots
1759957200000000000	416940
1759960800000000000	413454
1759964400000000000	408979
1759968000000000000	422913

Variations

Group by day instead of exact timestamp: groupby formatTimestamp(snapshotStartTime:timestamp, '%Y-%m-%d') aggregate count() as snapshots
Filter by schema type to focus on a specific dataset before grouping.

Previous Calculate Lambda function invocation duration

Next Audit schema field types and values by dataset