Splunk® Supported Add-ons

Splunk Add-on for Salesforce

Acrobat logo Download manual as PDF

Acrobat logo Download topic as PDF

Configure Salesforce object inputs for Splunk add-on for Salesforce

Configure Salesforce object inputs for the Splunk Add-on for Salesforce using Splunk Web or via configuration files using the information in the following input parameters tables.

Due to the complexity of the setup, Splunk recommends configuring inputs for Salesforce via Splunk Web.

Before you configure Salesforce object inputs, note the following three points:

  • The Splunk add-on for Salesforce provides seven default inputs. The basic settings of these inputs are configured. If you want to use these inputs, You need to add your Salesforce account and token before enabling them.
  • If you want to use this add-on with Splunk App for Salesforce, you must enable six default inputs provided by this add-on. They are account, dashboard, loginhistory, opportunity, report, and user.
  • Make sure your Salesforce account has enough permission to access the Salesforce object(s) you want to get data from. See Configure Salesforce account to collect data.

Configure Salesforce object inputs via Splunk web

  1. Click Create New Input in the Inputs tab, and then choose Salesforce Object. If you want to use the default inputs provided by Splunk, click Action > Edit.
  1. Enter the information in the related fields using the following input parameters table.

Configure Salesforce object inputs via inputs.conf

To configure inputs manually in inputs.conf, create stanzas using the following parameters and add them to $SPLUNK_HOME/etc/apps/Splunk_TA_salesforce/local/inputs.conf. If the file or path does not exist, create it.

[sfdc_object://<name>]
account = <string>
object =<string>
object_fields = <string>
order_by = <string>
start_date = < YYYY-MM-DDThh:mm:ss.000z>
interval = <integer>
limit = <integer>
python.version = <string>

If you want to use the default inputs, the default value of the inputs can be found in $SPLUNK_HOME/etc/apps/Splunk_TA_salesforce/default/inputs.conf. You can copy the file to the local folder and edit it using the parameters table below.

Input Parameters

Each attribute in the following table corresponds to a field in Splunk Web:

Attribute Corresponding field in Splunk Web Description
account Salesforce Account The Salesforce account which has enough permission to get the related data in.
object Object The Salesforce object you want to get the data from.
object_fields Object Fields Object fields from which to collect data. You can add multiple fields separated by commas (,).
order_by Order by The datetime field by which to query results in ascending order for indexing.
interval Interval The number of seconds to wait before the Splunk platform runs the command again.
index Index The index in which to store Salesforce object data. The default is default.
start_date Query Start Date The add-on starts collecting data with a date later than this. The format is YYYY-MM-DDThh:mm:ss.000z and the default value is 90 days earlier from now.
limit Limit The maximum results returned by the query. The default is 1000.
Last modified on 13 October, 2020
PREVIOUS
Set up the Splunk Add-on for Salesforce
  NEXT
Configure event log inputs for Splunk add-on for Salesforce

This documentation applies to the following versions of Splunk® Supported Add-ons: released, released


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters