Query history is a core dataset that lets you see, at a glance, "who ran what SQL, when, on which Warehouse, and for how long." In operations, it underpins audit, SLA verification, and cost optimization; on the exam, it shows up in the context of log usage and performance observation.
This article organizes how to work with the UI, the REST API, and System Tables, and offers query examples and decision criteria you can use directly in production. Areas where behavior may change across versions are flagged, and explanations follow the official specifications.
Databricks SQL Query history is a feature that aggregates and displays execution history from SQL Warehouses. The main attributes typically shown include execution start time, user, SQL text, Warehouse, duration, and status (success/failure). In addition to UI visualization, history can be retrieved programmatically via the REST API.
Permissions and visibility depend on workspace settings and roles. In many environments, regular users can see their own history, while admins (or users with appropriate permissions) can view broader history. In environments with strict audit requirements, the standard approach is to combine Unity Catalog System Tables (e.g. system.access.audit) and account-level audit logs.
Flow from query execution to history retrieval
Check your context (a minimal, safe-to-run command)
SELECT current_user() AS user, current_catalog() AS catalog, current_schema() AS schema;Three pillars to consider when pulling query history: the UI Query history, the REST API, and Unity Catalog System Tables (audit). For operational automation and cross-cutting analysis, lean on the REST API or System Tables; for immediate troubleshooting, the UI is quickest.
With the REST API, you specify filter conditions (time range, user, Warehouse, etc.) and paginate the results, then land them in a Delta table to make secondary use easy. System Tables shine as a governance foundation, letting you aggregate history and audit events across the org with SQL.
| Method | Granularity / visibility | Automation fit | Main use |
|---|---|---|---|
| UI (Query history) | Individual detail for recent ~ fixed window | Low | Manual investigation, checking failed queries |
| REST API (/api/2.0/sql/history/queries) | Filterable by time range, user, Warehouse | High | SLA monitoring, usage trends, metrics accumulation |
| System Tables (e.g. system.access.audit) | Cross-cutting aggregation from an audit-event view | High | Audit trail, org-wide comparison, correlation analysis |
Retrieve query history via REST API and land it in Delta (example)
curl -s -X POST \
-H "Authorization: Bearer DAPIxxxxxxxx" \
-H "Content-Type: application/json" \
https://YOUR-WORKSPACE.cloud.databricks.com/api/2.0/sql/history/queries \
-d '{
"filter_by": {
"query_start_time_range": {
"start_time_ms": 1719878400000,
"end_time_ms": 1719964800000
}
},
"max_results": 1000
}'
# Process the returned JSON in a notebook, shape it with from_json, and write to Delta — the standard pattern.
# Refer to the latest documentation for the actual request/response details.Step one of audit is identifying the user, time window, source (IP/client), and the target catalog/schema/table. The UI makes it easy to trace responsibility for individual queries, but for organization-wide trends and longitudinal checks, combining with System Tables is much more powerful.
When Unity Catalog System Tables (e.g. system.access.audit) are enabled, you can produce audit trails with SQL alone. Field names and structure can differ across environments, so in practice it's smart to confirm the real schema with DESCRIBE and pair it with JSON extraction functions.
Audit aggregation with System Tables (representative example, verify the real schema)
SELECT
event_time,
user_identity.email AS user_email,
service_name,
action_name,
request_params:warehouse_id AS warehouse_id,
request_params:statement_text AS sql_text,
response_status:status_code AS status_code
FROM system.access.audit
WHERE service_name = 'sql'
AND action_name LIKE 'execute%'
AND event_time >= TIMESTAMP('2024-06-01')
ORDER BY event_time DESC
LIMIT 200;
-- Note: JSON field names like request_params/response_status may differ across environments.In practice, what proves useful is identifying p95 duration, retry frequency, and the long-form SQL templates that dominate. For ad-hoc root-cause isolation, use the UI Query history and Query profile; for structural improvements, grab the execution plan with EXPLAIN.
For repeatedly slow patterns, validate the effect of appropriate partition filters, pre-computing aggregations, revisiting join-key cardinality, and Delta optimizations (right-sizing files, Z-ORDER, etc.).
Capture the execution plan with EXPLAIN (Databricks SQL)
EXPLAIN
SELECT c.customer_id, SUM(o.amount) AS revenue
FROM sales.orders o
JOIN sales.customers c ON o.customer_id = c.customer_id
WHERE o.order_date >= DATE_SUB(CURRENT_DATE(), 30)
GROUP BY c.customer_id;Query history is the evidence base for adjusting Warehouse size, concurrency, and auto-stop. Understand the relationship between concurrent execution and latency during peak hours, and revisit scale-up/out or scheduling as needed.
For continuous monitoring, the practical approach is to land REST API-retrieved history in Delta and dashboard query count, failure rate, and p95 duration. Early on, daily batches are fine; once mature, incremental collection on a ~15-minute cadence is a good balance.
Survey query counts at 5-minute granularity from audit logs (representative example)
WITH events AS (
SELECT
window(event_time, '5 minutes') AS w,
COUNT_IF(action_name LIKE 'execute%') AS qps
FROM system.access.audit
WHERE service_name = 'sql'
AND event_time >= date_sub(current_timestamp(), 7)
GROUP BY window(event_time, '5 minutes')
)
SELECT w.start AS window_start, w.end AS window_end, qps
FROM events
ORDER BY window_start;The exam tends to test "operational playbooks" — how to choose between UI, REST API, and System Tables, and how to triage slow queries (EXPLAIN, applying filters, join strategy). The weight is on selecting the right tool for each use case, not memorizing specific endpoints.
Watch out for terminology confusion. Query history is a list of execution logs; table-change history (Delta's DESCRIBE HISTORY) is a different thing. Keep in mind that audit and performance analysis can draw from different data sources.
Aggregate p95 duration (assuming history is already in Delta)
SELECT
date_trunc('day', start_time) AS day,
APPROX_PERCENTILE(duration_ms, 0.95) AS p95_ms,
COUNT(*) AS total_queries
FROM analytics.query_history_delta
WHERE start_time >= date_sub(current_date(), 14)
GROUP BY 1
ORDER BY 1;Data Analyst
問題 1
For company-wide SLA monitoring, you want a daily dashboard of p95 query duration over the past 30 days. Which approach is the most reproducible and maintainable?
正解: A
SLA monitoring depends on automated retrieval and time-series accumulation. Regularly pulling history via REST API and landing it in Delta enables reproducible aggregation and dashboard refreshes. Manual UI work or table-change history alone lacks coverage and automation.
What's the difference between the UI Query history and Unity Catalog System Tables?
The UI Query history is an interactive screen for inspecting SQL execution history, well suited for ad-hoc troubleshooting. System Tables (e.g. system.access.audit) let you aggregate audit events across the org with SQL, and are better for organization-wide behavior analysis and long-term retention.
Are the REST API response fields and filter conditions fixed?
The API evolves, so fields and filters may be extended or changed across releases. When implementing, refer to the latest Databricks official documentation, and account for pagination and error retries.
Where should I start when investigating a slow query?
Start with Query profile in the UI to surface bottlenecks like scan volume and stage time, then check the plan with EXPLAIN. For chronically slow patterns, revisit partitioning, statistics, and data layout (small-file problems, Z-ORDER, etc.).
Practice with certification-focused question sets
無料で問題を解いてみるNicheeLab Editorial Team
NicheeLab editorial team focused on data engineering and cloud certification learning. Content is structured around practical study needs and official exam domains.
Databricks Certifications: All 7 Exams, Difficulty & Study Plan (2026)
Complete guide to all 7 Databricks certifications — Data Eng...
Databricks Exam Difficulty Ranking: All 7 Certs Compared (2026)
Every Databricks certification ranked by difficulty, with st...
Databricks Study Guide: Fastest Pass Route & Time Estimates (2026)
How to pass Databricks certifications efficiently. Official ...
Databricks Data Engineer Associate: Complete Guide (2026)
Domain-by-domain breakdown of the Databricks Certified Data ...
Databricks Data Engineer Professional: Complete Guide (2026)
Tactics for the Databricks Certified Data Engineer Professio...