Databricks on AWS OCF Connector: Install and Configure


Firewall Configuration

  • Open the outbound TCP port 443 to Databricks on AWS server


The driver for Databricks on AWS is compiled with the connector and does not require installation. Refer to the Support Matrix. for your Alation release to find out the version of the available driver for Databricks on AWS.

Service Account

Sample SQL to create an account

CREATE USER alation WITH PASSWORD 'password';

Permissions for Metadata Extraction and Profiling

The service account must have the following permissions to perform MDE and profiling:

By default, all cluster users have access to all data stored in a cluster’s managed tables unless table access control is enabled for that cluster. The table access control option is only available for high-concurrency clusters. Refer to Table Access Control for more information

If the Table Access Control option is enabled on the cluster:

  • Grant the SELECT privilege on all schemas and all their tables and views in a catalog.

    GRANT USAGE ON CATALOG <catalog-name> TO `<user>@<domain-name>`;
    GRANT SELECT ON CATALOG <catalog-name> TO `<user>@<domain-name>`;
  • Grant the SELECT privilege on a specific schema and all its tables and views.

    GRANT USAGE ON SCHEMA <schema-name> TO `<user>@<domain-name>`;
    GRANT SELECT ON SCHEMA <schema-name> TO `<user>@<domain-name>`;
  • Grant the SELECT privilege on specific tables and views in a schema.

    GRANT USAGE ON SCHEMA <schema-name> TO `<user>@<domain-name>`;
    GRANT SELECT ON TABLE <schema-name>.<table-name> TO `<user>@<domain-name>`;
    GRANT SELECT ON VIEW <schema-name>.<view-name> TO `<user>@<domain-name>`;

Refer to Data object privileges for more information.


When building the URI, include the following components:

  • Hostname or IP of the instance

  • Port number

  • HTTP path

URI Format:




QLI Configuration in Databricks

Configure an AWS IAM role to save the query logs in AWS S3. For additional information on how to set up secure access to S3 buckets using an AWS IAM role, see this Databricks topic.


The logs should be pointed to an S3 bucket other than the Databricks root S3 bucket. Do not use the root directory. The Databricks root S3 bucket operates like Alation’s chroot: it prevents outside tools from reading or modifying the files.

You can perform QLI either using a Python init script or a Scala script. In Alation version 2021.2 and later versions, we recommend using the Python init script as this approach generates smaller log files and the admin does not need to re-run the script after restarting the cluster.

Python Init Script

This is the recommended option.

Perform the steps in this sections to enable QLI using a Python init script:

  1. For Alation to connect with Databricks and extract QLI, you need to have the Databricks clusters save their logs to an accessible S3 bucket that is not the AWS storage settings bucket.

  2. The S3 bucket that stores the logs must have AWS IAM role settings as recommended in Secure Access to S3 Buckets using Instance Profiles.

  3. Ensure that you use the following settings:

    • Destination is S3.

    • The bucket path is correct. If it points to the same folder as the AWS Storage Settings, Alation will experience Access Denied issues since the AWS storage settings bucket is Access Protected by Databricks.

    • Your AWS region matches the new S3 bucket region

  4. In the Databricks settings portal, ensure that the Cluster Log Path and Destination are set under the Logging tab. Do not leave the Destination path as None.


    For more information on how to set the logging path in DBFS, see Databricks documentation.

    You can choose to mount external storage onto the DBFS for log storage. For more information on the mount process, see Amazon S3.

  5. Create a Python Notebook and run the script given below on your Databricks cluster using this Python notebook. This script creates the scripts directory to store the QLI script.

  6. In the same notebook, run the next script to create the file with the init script in the scripts directory.

    Databricks version lesser than 11.x:

    echo "Executing on Driver: $DB_IS_DRIVER"
    if [[ $DB_IS_DRIVER = "TRUE" ]]; then
    echo "Adjusting here: ${LOG4J_PATH}"
    echo "" >> ${LOG4J_PATH}
    echo "log4j.appender.publicFile.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss.SS} [%t] %p %c{1}: %m%n" >> ${LOG4J_PATH}""", True)

    Databricks version 11.x and later:

    echo "Executing on Driver:"
    echo "Adjusting log4j2.xml here: ${LOG4J_PATH}"
    sed -i '0,/<PatternLayout pattern="%d{yy\/MM\/dd HH:mm:ss} %p %c{1}: %m%n%ex"\/>/s//<PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SS} [%t] %p %c{1}: %m%n"\/>/' ${LOG4J_PATH}
    sed -i 's/<\/Loggers>/<Logger name="org.apache.spark.sql.execution.SparkSqlParser" level="DEBUG"\/><\/Loggers>/' ${LOG4J_PATH}""", True)


    Alternatively, you can create the init script locally and copy it to the Databricks cluster using the following command:

    dbfs cp dbfs:/databricks/scripts/
  7. Use the following command to make sure that the script was created successfully:

  8. Use the cluster configuration page to configure the cluster to run the init script: Add init script.

  9. Restart the cluster.

Scala Script

Run the following script in the Databricks cluster through a Scala notebook. This script, provided by Databricks, enables debug logs having queries.

Databricks version lesser than 11.x:

import org.apache.log4j.{LogManager, Level, ConsoleAppender}
import org.apache.commons.logging.LogFactory
import org.apache.log4j.PatternLayout


   val ca = LogManager.getRootLogger().getAppender("publicFile")
   println("layout " + ca.getLayout.asInstanceOf[PatternLayout].getConversionPattern)
   ca.setLayout(new PatternLayout("%d{yy/MM/dd HH:mm:ss} [%t] %p %c{1}: %m%n"));

Databricks version 11.x and later:

import org.apache.logging.log4j.LogManager
import org.apache.logging.log4j.core.LoggerContext
import org.apache.logging.log4j.core.config.{Configuration, LoggerConfig}
import org.apache.logging.log4j.core.config.Configurator
import org.apache.logging.log4j.Level
import org.apache.logging.log4j.core.layout.PatternLayout
import org.apache.logging.log4j.core.appender.RollingFileAppender;
import org.apache.logging.log4j.core.appender.RollingFileAppender.Builder;
import org.apache.logging.log4j.core.filter.AbstractFilterable;
import org.apache.logging.log4j.core.config.AppenderRef;
import org.apache.logging.log4j.core.appender.rewrite.RewriteAppender;
import com.databricks.logging.ServiceRewriteAppender;
import org.apache.logging.log4j.core.config.AbstractConfiguration;

val ctx = LogManager.getContext(false).asInstanceOf[LoggerContext];
val conf = ctx.getConfiguration();
val layout = PatternLayout.newBuilder()
.withPattern("%d{yyyy-MM-dd HH:mm:ss.SS} [%t] %p %c{1}: %m%n")

val rollingFileAppender = conf.getAppenders().get("publicFile.rolling").asInstanceOf[RollingFileAppender];
val appenderBuilder: RollingFileAppender.Builder[_] = RollingFileAppender.newBuilder();
val appender =;

val appenderRef = Array(AppenderRef.createAppenderRef(appender.getName(), null, null));
var policy = new ServiceRewriteAppender();

val rewriteAppender = conf.getAppenders().get("publicFile.rolling.rewrite").asInstanceOf[RewriteAppender];
val updatedRewriteAppender = RewriteAppender.createAppender(rewriteAppender.getName(), String.valueOf(rewriteAppender.ignoreExceptions()), appenderRef, conf, policy, rewriteAppender.getFilter());


val config = ctx.getConfiguration().asInstanceOf[AbstractConfiguration];


conf.getRootLogger().addAppender(updatedRewriteAppender, null, null);


The above script should be run whenever the cluster is started or restarted. By default, Databricks does not enable debug level logs.

Configuration in Alation

Step 1: Install the Connector

Alation On-Prem


Installation of OCF connectors requires Alation Connector Manager to be installed as a prerequisite.

  1. If this has not been done on your instance, install the Connector Manager: Install Alation Connector Manager.

  2. Make sure that the connector Zip file which you received from Alation is available on your local machine.

  3. Install the connector on the Connectors Dashboard page. Refer to Manage Connector Dashboard for details.

Alation Cloud Service


OCF connectors require Alation Connector Manager. Alation Connector Manager is available by default on all Alation Cloud Service instances and there is no need to separately install it.

  1. Make sure that the OCF connector Zip file that you received from Alation is available on your local machine.

  2. Install the connector on the Connectors Dashboard page: refer to Manage Connector Dashboard.

Step 2: Create and Configure a New Databricks on AWS Data Source

  1. Log in to the Alation instance and add a new Databricks on AWS source by clicking on Apps > Sources > Add > Data Source.

  2. Provide a Title for the data source and click on *Continue Setup.

  3. From the Database Type dropdown, select Databricks OCF Connector. You will be navigated to the Settings page of your new Databricks on AWS OCF data source.



On the Access tab, set the data source visibility using these options:

  • Public Data Source—The data source will be visible to all users of the catalog.

  • Private Data Source—The data source will be visible to the users allowed access to the data source by Data Source Admins.

You can add new Data Source Admin users in the Data Source Admins section.

General Settings

Perform the configuration on the General Settings tab:

  1. Specify Application Settings:



    BI Connection Info

    Not applicable

    Disable Automatic Lineage Generation

    Not applicable

  2. Click Save.

  3. Specify Connector Settings:



    Data Source Connection


    Provide the JDBC URI constructed in JDBC URI


    Provide the service account username.


    Provide the service account password.

    Logging Information

    Log Level

    Select the Log Level to generate logs. The available log levels are based on the log4j framework.

  4. Click Save.

  5. Obfuscate Literals - Enable this toggle to hide the details of the queries in the catalog page that are ingested via QLI or executed in Compose. This toggle is disabled by default.

  6. Under Test Connection, click Test to validate network connectivity.


Deleting the Data Source

You can delete your data source from the General Settings tab. Under Delete Data Source, click Delete to delete the data source connection.

Metadata Extraction

You can perform a default extraction which is based on default SQL queries that are built in the connector code.

Application Settings

  • Enable Raw Metadata Dump or Replay: The options in this drop list can be used to dump the extracted metadata into files in order to debug extraction issues before ingesting the metadata into Alation. This feature can be used during testing in case there are issues with MDE. It breaks extraction into two steps: first, the extracted metadata is dumped into files and can be viewed; and second, it can be ingested from the files into Alation. It is recommended to keep this feature enabled only if debugging is required.

    • Enable Raw Metadata Dump: Select this option to save the extracted metadata into a folder for debugging purposes. The dumped data will be saved in four files (attribute.dump, function.dump, schema.dump, table.dump) in the folder opt/alation/site/tmp/ inside Alation shell.

    • Enable Ingestion Replay: Select this option to ingest the metadata from the dump files into Alation.

    • Off - Disable the Raw Metadata Dump or Replay feature. Extracted metadata will be ingested into Alation.

Selective Extraction

On the Metadata Extraction tab, you can select the Schemas to include or exclude from extraction. Selective extraction settings are used to apply a filter to include or exclude a list of schemas.

Enable the Selective Extraction toggle if you want only a subset of schemas to be extracted.

  1. Click Get List of Schemas to first fetch the list of schemas. The status of the Get Schemas action will be logged in the Extraction Job Status table at the bottom of the Metadata Extraction page.

  2. When Schema synchronization is complete, a drop-down list of the Schemas will become enabled.

  3. Select one or more schemas as required.

  4. Check if you are using the desired filter option. Available filter options are described below:

Filter Option


Extract all Schemas except

Extract metadata from all Schemas except from the selected Schemas.

Extract only these Schemas

Extract metadata only from the selected Schemas.

  1. Click Run Extraction Now to extract metadata. The status of the extraction action is also logged in the Job History table at the bottom of the page.

Automated Extraction

If you wish to automatically update the metadata extracted into the Catalog, under Automated and Manual Extraction, turn on the Enable Automated Extraction switch and select the day and time when metadata must be extracted. The metadata extraction will be automatically scheduled to run on the selected schedule.


On the Compose tab, an admin can enable the use of the Compose tool for this data source.

  1. Enable or disable the Allow Export and Download toggle to export or download the results of this data source.

  2. Enable the Enabled in Compose toggle to enable Compose for this data source.

    • Provide the JDBC URI in the Default Connection field which Compose will use as a default connection and Save.

    • Select Compose Connection Sharing option based on the description in the table:

      Compose Connection Option


      Shared connections across tabs

      This option lets users use the same connection across multiple Compose tabs.

      Separate connection per tab

      Users can use different connections for each Compose tab, which enables them to run multiple queries at the same time.

  3. Select a Data Uploader option based on the description below:

    Data Uploader


    Use Global Setting (True)


    Use Global Setting (False)

    Use the global setting option that is set in alation_conf using alation.data_uploader.enabled flag.

    Users can upload data if the flag is set to true or if the flag is set to false, users cannot upload the data for any data source.

    Enable for this data source

    Use this option to enable the data upload for this data source and override the global setting if the global setting in alation_conf if it is set to false.

    Disable for this data source

    Use this option to disable the data upload for this data source and override the global setting in alation_conf if it is set to true.


OAuth connection is not supported for this data source.


Data Sampling

Automated and Manual Sampling

Users can either perform manual sampling or enable automated sampling:

  1. To perform manual sampling, make sure that the Enable Automated Sampling toggle is Off. Click the Sample button to do manual sampling.

  2. Set the Enable Automated Sampling toggle to On to perform the automated sampling.

    1. Set a schedule in the corresponding fields of the schedule section, specify values for week, day and time.

    2. Select the number of tables to be sampled by selecting a value in the dropdown list. By default, all tables are sampled. When a specific number of tables is selected, unprofiled and popular tables are prioritized.

    3. Click Sample.

Per-Object Parameters

Refer to Per-Object Parameters.

Query Log Ingestion

Configure the following parameters in the following sections to perform file based QLI for this datasource.

Connector Settings


Configure AWS S3 Connection


The common format of the Databricks log files is log4j-yyyy-mm-dd-hh.log.gz and the current hour log or real-time will be in the log4j-active.log. format.

Specify the Configure AWS S3 Connections settings and click Save:



Spark Log Folder AWS S3 Path

Specify the path of S3 bucket where log files are stored.

Format: /s3_bucket_name/path_to_the_file


/databricks-logging-20220420/dbc-36ad4224-mb19/0330-193314- wuadi0q9/driver

Spark Log File Name Prefix

A common name prefix for the files to be extracted is log4j-.

Example: Files to be extracted usually have names like: log4j-2022-01-01-10.log.gz. Setting the prefix value to log4j- serves this file name format.

Number of Log Files in Directory

Provide the limit of log files that needs to be extracted from the folder. If not specified, all files matching the prefix will be captured.

Log4j Time Format

The time format is set based on the script you are using. The value should be set to yyyy-MM-dd HH:mm:ss.

Log4j Conversion Pattern

The conversion pattern is set based on the init script you are using. The format is TIMESTAMP [THREAD] LEVEL LOGGER MESSAGE.


The thread name for Databricks has a space. We enclose the thread name in square brackets to enable correct processing in Alation.

AWS S3 Settings

Specify the AWS S3 Settings and click Save:



AWS Access Key ID

Provide the AWS access key ID. Make sure that the IAM user has read access to the bucket where the log files are stored.

AWS Access Key Secret

Provide the AWS access key secret.

AWS Region

Specify the AWS region.

Exclude log files

Provide the log file names that you want to exclude from ingestion.

Automated and Manual Query Log Ingestion

Users can either perform manual QLI or enable automated QLI:

  1. To perform manual QLI, make sure that the Enable Automated Query Log Ingestion toggle is Off. Click the Import button to do manual QLI.

  2. Set the Enable Automated Query Log Ingestion toggle to On to perform the automated QLI.

  3. Set a schedule in the corresponding fields of the schedule section, specify values for week, day and time.


Hourly schedule for automated QLI is not supported.

Custom Settings

This configuration option is available if Profiling V2 is enabled.

To profile a column, Alation runs a default query if no custom query is specified for this column. Default queries for column profiling differ depending on the data type: numeric or non-numeric.

The default query supplied by Alation can be modified based on the user requirements and datasource type. The following default query template can be used to revert back to the default query from a custom query:

Numeric columns:

  MIN({column_name}) AS MIN,
  MAX({column_name}) AS MAX,
  AVG({column_name}) AS MEAN,
  (COUNT(*) - COUNT({column_name})) AS "#NULL",
  (CASE WHEN COUNT(*) > 0 THEN ((COUNT(*) -  COUNT({column_name})) * 100.0 / COUNT(*)) ELSE 0.0 END) AS "%NULL"
  FROM {schema_name}.{table_name};

Non numeric columns:

      ((SUM(CASE WHEN {column_name} IS NULL THEN 1 ELSE 0 END))) AS "#NULL",
      (CASE WHEN COUNT(*) > 0 THEN ((((SUM(CASE WHEN {column_name} IS NULL THEN 1 ELSE 0 END))) * 100.0 / count(*)) ) ELSE 0.0 END ) AS "%NULL"

FROM {schema_name}.{table_name};


The profiling queries MUST contain {column_name}, {schema_name}, and {table_name}. Users must check the compatibility of the default query based on the datasource type and modify it if required.

The default profiling query calculates the Profiling stats that are displayed on the Overview tab of the Column catalog page. When you customize the query, you can also customize the statistics that should be calculated and displayed:



Refer to Troubleshooting.