This app relies on Splunk Add-on for Salesforce to index structured and unstructured data from your Salesforce instance over the REST API. Please install download this addon from https://splunkbase.splunk.com/app/3549/ and make sure you go through its documentation.
Data Collected by the Addon:
The unstructured data is coming from the Salesforce Event Log File API. This API needs to be enabled on your instance and it is not enabled by default. For any questions about this API, please contact your Salesforce admin or Salesforce sales rep. for the same. For more information on the Event Log File API, please refer to the following link:
Salesforce release notes
The structured data is mainly used for enriching the log events via lookups. This data is collected over REST API as well by periodically running SOQL queries. The poll frequency is configurable as needed
You can watch a short demo video of the App here Splunk App for Salesforce Video
For Frequently asked question, please refer to the bottom of that page
The following diagram represents the logical architecture of the Splunk App for Salesforce:
Enable the Salesforce Event Log File API
The Splunk App for Salesforce relies on the Event Log File API to access the Salesfoce log data. This API is not enabled by default.
Common use cases of this API include tracking user activity, user feature adoption, and troubleshooting issues that may arise in your Salesfoce environment, and many others.
For more information please refer to the following Link:
Event Log File API
Please contact your Salesforce admin or rep. to get access to the Event Log File API.
Salesforce Service Account
In order to collect the data from Salesforce, Splunk App for Salesforce requires a Salesforce user to be created with the following permission:
Login to Workbench by accessing the following URL: link
Select Jump to “SOQL Query”
And object set to “Account”
On the next screen make sure you have access to the following Objects (under the Object drop down list):
This command has been removed and deprecated from App
1- App relies on Add-on for data collection. No longer has data collection
2- App is used for Visualization only
3- Deprecated the chatter feed command
Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 50GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.