
Panther MCP Server

Official
Apache 2.0

query_data_lake

Execute custom SQL queries on Panther's data lake for advanced analysis, ensuring Snowflake SQL syntax and p_event_time filtering. Retrieve results, column info, and stats efficiently.

Instructions

Execute custom SQL queries against Panther's data lake for advanced data analysis and aggregation.

All queries MUST conform to Snowflake's SQL syntax.

If the table has a p_event_time column, the query must filter on it in a WHERE clause.

Guidance:

For efficiency, when checking for values in an array, use the Snowflake function ARRAY_CONTAINS( <value_expr> , <array> ).

When using ARRAY_CONTAINS, make sure to cast the value_expr to a variant, for example: ARRAY_CONTAINS('example@example.com'::VARIANT, p_any_emails).

When interacting with object type columns use dot notation to traverse a path in a JSON object: <column>:<level1_element>.<level2_element>.<level3_element>. Optionally enclose element names in double quotes: <column>:"<level1_element>"."<level2_element>"."<level3_element>".

If an object/JSON element name does not conform to Snowflake SQL identifier rules, for example if it contains spaces, then you must enclose the element name in double quotes.
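The guidance above combined in one query, as an added example that is not part of the original tool documentation. The table example_app_logs, the object column details and its element names are hypothetical; p_event_time and p_any_emails are the columns named on this page.

```sql
-- Constructed example: example_app_logs, details and its elements are hypothetical.
SELECT
    -- Dot notation walks a path inside an object column; cast the result to a SQL type.
    details:actor.email::STRING                  AS actor_email,
    -- Element names containing spaces must be enclosed in double quotes.
    details:"client info"."ip address"::STRING   AS client_ip,
    COUNT(*)                                     AS event_count,
    MIN(p_event_time)                            AS first_seen,
    MAX(p_event_time)                            AS last_seen
FROM panther_logs.public.example_app_logs
-- Required: bound the scan with a p_event_time filter.
WHERE p_event_time >= DATEADD(day, -1, CURRENT_TIMESTAMP())
  AND p_event_time <  CURRENT_TIMESTAMP()
  -- The value being searched for is cast to VARIANT, as the guidance requires.
  AND ARRAY_CONTAINS('example@example.com'::VARIANT, p_any_emails)
GROUP BY actor_email, client_ip
ORDER BY event_count DESC
LIMIT 100;
```

The explicit time window and LIMIT keep the result set small enough to return within the default timeout and a single page of results.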

Returns: Dict containing:

- success: Boolean indicating if the query was successful
- status: Status of the query (e.g., "succeeded", "failed", "cancelled")
- message: Error message if unsuccessful
- query_id: The unique identifier for the query (null if query execution failed)
- results: List of query result rows
- column_info: Dict containing column names and types
- stats: Dict containing stats about the query
- has_next_page: Boolean indicating if there are more results available
- end_cursor: Cursor for fetching the next page of results, or null if no more pages

Permissions: {'all_of': ['Query Data Lake']}

Input Schema

| Name | Required | Description | Default |
| --- | --- | --- | --- |
| database_name | No | | panther_logs.public |
| sql | Yes | The SQL query to execute. Must include a p_event_time filter condition after WHERE or AND. The query must be compatible with Snowflake SQL. | |
| timeout | No | Timeout in seconds before the SQL query is cancelled. If the query fails due to timeout, the caller should consider a longer timeout. | 30 |

Input Schema (JSON Schema)

{
  "properties": {
    "database_name": {
      "default": "panther_logs.public",
      "title": "Database Name",
      "type": "string"
    },
    "sql": {
      "description": "The SQL query to execute. Must include a p_event_time filter condition after WHERE or AND. The query must be compatible with Snowflake SQL.",
      "title": "Sql",
      "type": "string"
    },
    "timeout": {
      "default": 30,
      "description": "Timeout in seconds before the SQL query is cancelled. If the query fails due to timeout, the caller should consider a longer timeout.",
      "title": "Timeout",
      "type": "integer"
    }
  },
  "required": [
    "sql"
  ],
  "type": "object"
}

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/panther-labs/mcp-panther'