Splunk® Supported Add-ons

Splunk Add-on for Salesforce

Configure Salesforce object inputs for the Splunk add-on for Salesforce

Configure Salesforce object inputs for the Splunk Add-on for Salesforce using Splunk Web or via configuration files using the information in the following input parameters tables.

Due to the complexity of the setup, Splunk recommends configuring inputs for Salesforce via Splunk Web.

Before you configure Salesforce object inputs, see the following three points:

  • The Splunk add-on for Salesforce provides seven default inputs. The basic settings of these inputs are configured. If you want to use these inputs, You need to add your Salesforce account and token before enabling them.
  • If you want to use this add-on with Splunk App for Salesforce, you must enable six default inputs provided by this add-on. They are account, dashboard, loginhistory, opportunity, report, and user.
  • Make sure your Salesforce account has enough permission to access the Salesforce object(s) you want to get data from. See Configure Salesforce account to collect data.

Configure Salesforce object inputs via Splunk web

  1. Click Create New Input in the Inputs tab, and then choose Salesforce Object. If you want to use the default inputs provided by Splunk, click Action > Edit.
  2. Enter the information in the related fields using the following input parameters table.

Input Parameters

Each attribute in the following table corresponds to a field in Splunk Web:

Attribute Corresponding field in Splunk Web Description
account Salesforce Account The Salesforce account which has enough permission to get the related data in.
object Object The Salesforce object you want to get the data from.
object_fields Object Fields Object fields from which to collect data. You can add multiple fields separated by commas (,).
order_by Order by The datetime field by which to query results in ascending order for indexing.
interval Interval The number of seconds to wait before the Splunk platform runs the command again.
index Index The index in which to store Salesforce object data. The default is default.
start_date Query Start Date The add-on starts collecting data with a date later than this. The format is YYYY-MM-DDThh:mm:ss.000z and the default value is 90 days earlier from now. For example, 2015-01-01T00:00:00.000z would represent January 1, 2015.
delay Delay To delay the live data collection by the specified value. This resolves the missing data issue caused by the delayed processing of events from the Salesforce server. The default is 0 seconds.

When to configure the delay parameter while creating Salesforce Objects

Use the delay found on the Salesforce platform for publishing events to configure the delay parameter:

  • The default value of the delay parameter is 0 seconds.
  • For example, if there's a delay of 10 seconds for events getting published in the Salesforce platform, configure the delay parameter with integer value "10". That way, the data collection will happen 10 seconds after the real-time.
Last modified on 14 October, 2024
Set up the Splunk Add-on for Salesforce   Configure event log inputs for the Splunk add-on for Salesforce

This documentation applies to the following versions of Splunk® Supported Add-ons: released, released

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters