How to Analyze Private Business Metrics Securely with Grafana Cloud PDC and AI Assistant

Observability platforms traditionally focused on infrastructure metrics, but organizations increasingly need to visualize business data stored in private databases. Grafana Cloud’s Private Data Source Connect (PDC) provides a secure bridge for this use case, and the integrated AI assistant simplifies query construction for complex relational data.

Goal

Connect a private PostgreSQL database to Grafana Cloud without exposing it to the public internet, then use Grafana Assistant to generate queries and visualizations for business metrics.

Prerequisites

Active Grafana Cloud account (any tier)
PostgreSQL 12+ database running in a private network
Outbound internet access from the database network (for PDC agent)
Administrative access to create Grafana data sources

Step 1: Deploy the PDC Agent

PDC establishes an encrypted SSH tunnel between your private network and Grafana Cloud. The agent runs within your network perimeter and initiates outbound connections to Grafana, eliminating inbound firewall rules.

Navigate to Connections > Private Data Source Connect in your Grafana Cloud instance. Click “Add Agent” and provide a name for this deployment. Grafana generates a unique token pair and configuration file.

Deploy the agent using the provided Docker command or Kubernetes manifest. For high availability, run multiple agent instances with the same configuration:

docker run -d \
  --name grafana-pdc-agent \
  -e TOKEN=<your-token> \
  -e GF_PDC_TUNNEL=<tunnel-endpoint> \
  grafana/pdc-agent:latest

Step 2: Configure the PostgreSQL Data Source

With the agent running, create a new PostgreSQL data source in Grafana Cloud:

Go to Connections > Data Sources > Add new data source
Select PostgreSQL
Enable “Private Data Source Connect” toggle
Choose the agent deployed in Step 1
Enter internal connection details: host (as resolved from the agent’s network), port, database, credentials
Save and test the connection

The connection test queries flow through the encrypted tunnel without ever exposing your database to the internet.

Step 3: Use Grafana Assistant for Query Generation

Grafana Assistant can now access your private data. When creating a new panel, open the Assistant chat and describe what you want to visualize:

“Show revenue trends by quarter for the last two years with year-over-year comparison”

The Assistant generates the SQL query, suggests appropriate visualization types, and explains the data transformation. For complex joins or aggregations, you can iterate on the query by asking follow-up questions.

Common Pitfalls

DNS resolution: The agent resolves database hostnames using its local DNS. Ensure internal DNS is configured correctly within the agent’s container.
Credential permissions: The database user needs SELECT permissions on tables you plan to visualize. Grant minimal permissions following least-privilege principles.
Query performance: Business queries often involve complex joins that may time out. Set appropriate query limits and consider materialized views for expensive aggregations.

Verify

Confirm the setup works correctly:

Check agent status in Grafana Cloud under PDC settings—status should show “Connected”
Create a test panel with a simple query: SELECT 1
Verify network traffic flows through the tunnel by checking agent logs
Test AI Assistant access: ask it to describe a table from your database schema

The combination of PDC’s secure tunneling and AI-powered query assistance enables business teams to explore private data safely without requiring database expertise or network engineering support.