The Splunk Add-on for Salesforce allows a Splunk software administrator to collect different types of data from Salesforce using REST APIs. The data includes:
This add-on provides the inputs and CIM-compatible knowledge to use with other Splunk apps, such as Splunk Enterprise Security, the Splunk App for PCI Compliance, and Splunk IT Service Intelligence.
Splunk Version: 6.4 and later
CIM version: 4.6
Source types of Splunk Add-on for Salesforce:
To collect the data from Salesforce, create a Salesforce account with the following permission:
To collect Salesforce Event Log data, enable the Salesforce Event Log File API. For any questions about this API, please contact your Salesforce admin or Salesforce sales representative.
You can use Splunk Web to collect data from Salesforce.
After configuring the data input for Splunk Add-on for Salesforce, enter sourcetype=sfdc:logfile or sourcetype=sfdc:<object name> in Splunk Search to see whether the data is coming in.
The Splunk Add-on for Salesforce includes the following lookup. The lookup is used to enrich the Salesforce events coming from Event Log File and LoginHistory.
lookup_sfdc_usernames.csv: Maps USER_ID to the user's information, such as UserId, Email, Username, Name, LastName, FirstName, etc.
Follow the steps to populate data in the lookup:
To see the log of the two Salesforce data inputs, use the following SPL:
index=_internal sourcetype=sfdc:object:log: The internal logs for Salesforce Object data input.
index=_internal sourcetype=sfdc:eventlog:log: The internal logs for Salesforce Event Log data input.
For general troubleshooting, see http://docs.splunk.com/Documentation/AddOns/released/Overview/Troubleshootadd-ons.
Please note this is the beta version of Splunk Add-on for Salesforce.
* You may encounter bugs and performance issues when using this add-on. Send your feedback to us at https://answers.splunk.com.
* The beta version of Splunk Add-on for Salesforce does not support the Splunk App for Salesforce. You must uninstall Splunk App for Salesforce before using this add-on.
* For the terms and conditions governing use of the beta version, see https://www.splunk.com/en_us/legal/splunk-pre-release-software-license-agreement.html