Skip to main content

Running the Netezza collector on-premise


The latest version of the Collector is 2.189. To view the release notes for this version and all previous versions, please go here.

Ways to run the Collector

There are a few different ways to run the Collector--any of which can be combined with an automation strategy to keep your catalog up to date:

  • Create a configuration file (config.yml)Using a YAML file to run a collector - This option stores all the information needed to catalog your data sources. It is an especially valuable option if you have multiple data sources to catalog as you don't need to run multiple scripts or CLI commands separately.

  • Run the collector through a CLI - Repeat runs of the collector requires you to re-enter the command for each run.


This section walks you through the process of running the collector using CLI.

Preparing and running the command

The easiest way to create your Collector command is to:

  1. Copy the following example command in a text editor.

  2. Set the required parameters in the command. The example command includes the minimal parameters required to run the collector

  3. Open a terminal window in any Unix environment that uses a Bash shell and paste the command in it and run in.

docker run -it --rm --mount type=bind,source=${HOME}/dwcc,target=/dwcc-output \
--mount type=bind,source=${HOME}/dwcc,target=/app/log --mount type=bind,source=${HOME}/dwcc-drivers,target=/usr/src/dwcc-config/lib \ 
datadotworld/dwcc:<CollectorVersion> catalog-netezza --agent=8bank-catalog-sources \ 
--site=solutions --no-log-upload=false --upload=true --api-token=${DW_AUTH_TOKEN} \ 
--name=8bank-catalog-sources-collection --output=/dwcc-output \ --upload-location=ddw-catalogs \ 
--server=[SERVER_IP] --port=5480 --database=[DATABASE_NAME] --user=8bank-user \
--password=${DW_PASSWORD} --all-schemas=true

The following table describes the parameters for the command.

Table 1.




--mount type=bind,source= ${HOME}/dwcc-drivers

The location where you placed the JDBC driver.


dwcc: <CollectorVersion>

Replace <CollectorVersion> in with the version of the collector you want to use (For example, datadotworld/dwcc:2.184)


-a= <agent>

--agent= <agent>

--account= <agent>

The ID for the account into which you will load this catalog. The ID is the organization name as it appears in your organization. This is used to generate the namespace for any URIs generated.


-n= <catalogName>

--name= <catalogName>

The name of the catalog - this will be used to generate the ID for the catalog as well as the filename into which the catalog file will be written.


-o= <outputDir>

--output= <outputDir>

The output directory into which any catalog files should be written.

In our example we use the /dwcc -output as it is running in a Docker container and that is what we specified in the script for a Docker mount point.

You can change this value to anything you would like as long as it matches what you use in the mount point:

-mount type=bind,source=/tmp,target=/dwcc-output ...-o /dwcc-output

In this example, the output will be written to the /tmp directory on the local machine, as indicated by the mount point directive. The log file, in addition to any catalog files, will be written to the directory specified in the mount point directive.




Do not upload the log of the Collector run to the organization account's catalogs dataset.


--site= <site>

This parameter should be set only for Private instances. Do not set it for public instances and single-tenant installations. Required for private instance installations.


(required for private instance installations)

-H= <apiHost>

--api-host= <apiHost>

The host for the API. NOTE: This parameter is required for single-tenant installations. For example, "" where "site" is the name of the single-tenant install.


(for single-tenant installations)

-t= <apiToken>

--api-token= <apiToken>

The API token to use for authentication. The default is to use an environment variable named DW_AUTH_TOKEN.




Whether to upload the generated catalog to the organization account's catalogs dataset or to another location specified with --upload-location (This requires that the --api-token is specified.)


--upload-location= <uploadLocation>

Provide the dataset where you want to upload the catalog. This can either be the ID of the dataset, or in the format [account/dataset ID] to upload the catalog to a dataset in another account.

Make sure you provide the ID of the dataset and not the name. The dataset ID can be found in the dataset URL from your browser's address bar. For instance, in the dataset URL:, the dataset ID is ddw-datasource-sandbox, and this is the value you should input for this parameter. If you need to provide value in the format account/dataset ID - the value will be 8bank/ddw-sandbox




The hostname of the database server to connect to.




The port of the database server (if not the default).




The name of the database to connect to.



When the --database parameter is not provided in the command/YAML file, the collector harvests metadata from all databases. If you want the collector run to not harvest specific databases, use the --exclude-database parameter and specify one or more regular expressions to indicate databases not to be cataloged. This parameter is ignored if the --database is specified.




The username to use to connect to the database.




The environment variable of the password used to connect to the database.




Catalog all schemas to which the user has access.


(if --schema is not set)



The name of the database schema to catalog.Yes (if --all-schema is not set)


(if --all-schema is not set)


When --all-schemas is specified, include the database's Information Schema in catalog collection (ignored if --all-schemas is not specified).



Skip harvesting of intra-database lineage metadata.



To enable harvesting of sample values and histograms for columns containing string data



To enable harvesting of column statistics. (i.e. data profiling)Note: Activating the profiling feature may extend the running time of the collector. This is because the collector needs to read the table data to be able to gather metadata for profiling.


--target-sample-size= targetSampleSize

To control the number of rows sampled for computation of column statistics and string-value histograms. For example, to sample 1000 rows, set the parameter as: --target-sample-size=1000.


-e= environment


If your provided server name is localhost, use this to give a friendly name to the environment in which your database server runs to help differentiate it from other environments.


-D= databseid

--database-id= databaseId

A unique identifier for this database - will be used to generate the ID for the database (this is optional, you only need to provide this if the database name used for the connection is not sufficiently unique to completely identify the database)


--jdbc-property=  driverProperties

JDBC driver properties to pass through to driver connection, as name=value pair.


Collector runtime and troubleshooting

The catalog collector may run in several seconds to many minutes depending on the size and complexity of the system being crawled.

  • If the catalog collector runs without issues, you should see no output on the terminal, but a new file that matching *.dwec.ttl should be in the directory you specified for the output.

  • If there was an issue connecting or running the catalog collector, there will be either a stack trace or a *.log file. Both of those can be sent to support to investigate if the errors are not clear.

A list of common issues and problems encountered when running the collectors is available here.

Automating updates to your metadata catalog

Maintaining an up-to-date metadata catalog is crucial and can be achieved by employing Azure Pipelines, CircleCI, or any automation tool of your preference to execute the catalog collector regularly.

There are two primary strategies for setting up the collector run times:

  • Scheduled: You can configure the collector according to the anticipated frequency of metadata changes in your data source and the business need to access updated metadata. It's necessary to account for the completion time of the collector run (which depends on the size of the source) and the time required to load the collector's output into your catalog. This could be for instance daily or weekly. We recommend scheduling the collector run during off-peak times for optimal performance.

  • Event-triggered: If you have set up automations that refresh the data in a source technology, you can set up the collector to execute whenever the upstream jobs are completed successfully. For example, if you're using Airflow, Github actions, dbt, etc., you can configure the collector to automatically run and keep your catalog updated following modifications to your data sources.


Some enterprise systems support the use of Secure Sockets Layer (SSL) encrypted communications on all external traffic. If you are harvesting metadata from a source system that requires SSL, you will need to add a CA certificate or self-signed certificate.

Obtaining the Custom SSL Certificate

  • Obtain the root certificate for your source system issued by your company. Typically your system administrator should be able to provide you with this.

Extending Docker to use custom SSL certificates

If the collector is run via Docker, extend the Docker image and install the custom certificate.

STEP 1: Prepare the Docker File

First, prepare a Dockerfile with the instructions for Docker to install the custom certificate and extend the Docker image.

  1. Ensure you are on the machine where you have downloaded the Docker Image and plan to execute the Collector.

  2. In a directory create the new Dockerfile with the following parameters for your custom SSL Certificate:


    The file should be named exactly Dockerfile [without any extensions].

    FROM datadotworld/dwcc:<collector_version>
    ADD ./<custom_certificate_file_path> <custom_certificate_file_name>
    RUN keytool -importcert -alias startssl -cacerts -storepass changeit 
    -noprompt -file <custom_certificate_file_name>
    • Replace <collector_version> with the version of the Collector you want to use (For example, datadotworld/dwcc:2.120)

    • Replace <custom_certificate_file_path> with the path to the custom SSL Certificate.

    • Replace <custom_certificate_file_name> with the name of your custom SSL Certificate file.

    For example, the command will look like:

    FROM datadotworld/dwcc:2.120
    ADD ./ ca.der certificate
    RUN keytool -importcert -alias startssl -cacerts -storepass changeit 
    -noprompt -file certificate

STEP 2: Install the certificate and extend the docker image

Next, execute the the Dockerfile to install the certificate and extend the Collector Docker Image.

  1. Using your terminal of choice, ensure you are in the directory containing the Dockerfile created in step 1.

  2. Next, create the new extended Docker image, called dwcc-cert in this example, by executing the following command:

    docker build -t dwcc-cert .

    Important things to note:

    • The command must be all lowercase.

    • The command must include the period (.) at the end, which directs Docker to use the local directory for the Dockerfile created above.

    • For the new image, the command uses the name dwcc-cert You can change the name if you want.

STEP 3: Run collector using the custom certificate

Finally, run the collector using the custom Certificate.

  1. Get the standard docker run command for the Data Source you are collecting from.

  2. Change the docker run command to use dwcc-cert image instead of dwcc image.

    Sample command for Tableau.

    docker run -it --rm --mount type=bind,source=/tmp,target=/dwcc-output \
    --mount type=bind,source=/tmp,target=/app/log dwcc-cert \
    catalog-tableau --tableau-api-base-url <baseUrl> \
    --tableau-password <password> --tableau-username <username> \
    -a <account> -n <catalogName> -o "/dwcc-output"

    If you are using YAML file for running the collector, edit the command to use dwcc-cert image instead of dwcc image.

    docker run -it --rm --mount type=bind,source=${HOME}/dwcc,target=/dwcc-output \ 
     --mount type=bind,source=${HOME}/dwcc,target=/app/log -e DW_AUTH_TOKEN=${DW_AUTH_TOKEN} \

Adding custom SSL certificates when using jar

If the collector is run via jar, add the certificate to the JVM truststore.

  1. From the terminal, navigate to the directory containing the certificate.

  2. Run the following command to add the SSL certificate to the truststore:

    keytool -importcert -alias startssl -cacerts -storepass changeit -noprompt -file <custom_certificate_file_path>

    Replace <custom_certificate_file_path> with the path to the custom SSL Certificate.

    For example, the command will look like:

    keytool -importcert -alias startssl -cacerts -storepass changeit -noprompt -file ca.der
  3. Finally, run the collector using the original jar file command. Note that this command does not need any modifications.

Troubleshooting SSL certificate issues

Issue: Error observed while building the Docker image


  • The following error message occurs when building the Docker image:

ERROR: failed to solve: failed to read dockerfile


  • The Docker file is not named correctly.


  1. Ensure that the file created in Step 1 is called exactly Dockerfile without any extensions.

  2. Ensure that you are in the same directory as the Dockerfile when running the docker build <custom_image_name> . command.

Issue: Invalid certificate found error while running the collector


  • The following error occurs while running the collector:

Caused by: PKIX path building failed: unable to find valid certification path to requested target


  • There was an issue connecting to the source system using the SSL certificate.


  1. Check to make sure the SSL certificate has not expired.

  2. Ensure you have the correct SSL certificate for the source system.