QUESTION

 How do I make a separate Snowflake table for a new log source that uses the same schema as an existing one? I want my data to remain separate.

ANSWER

Currently, there is no straightforward way to split Snowflake tables by log source. 

As a workaround, you can follow this process:

  1. For the logs that you want in a separate table, redirect them to a different data transport source (such as S3).

  2. Clone the existing schema to use with the separate log source. Note that the cloned schema would not automatically update to sync to the Panther-managed schema.