Splunk® Supported Add-ons

Splunk Add-on for Salesforce

Lookups for the Splunk Add-on for Salesforce

The following topic contains information on the lookups for the Splunk Add-on for Salesforce.

KV Store lookups for the Splunk add-on for Salesforce

Lookup definition Purpose
lookup_sfdc_usernames The lookup is used to enrich the Salesforce events coming from Event Log File and LoginHistory.

It maps USER_ID to user's information, such as UserId,Email,Username,Name,LastName,FirstName,etc

For Event Log File, it maps USER_ID to user's information, such as UserId, Email, Username, Name, LastName, and FirstName. For LoginHistory, it maps UserId to user's information, such as Email, Username, Name, LastName, and FirstName.


Scripted lookups for the Splunk add-on for Salesforce

The Splunk Add-on for Salesforce includes one scripted lookup. The script for the lookup is located in $SPLUNK_HOME/etc/apps/Splunk_TA_salesforce/bin.

Lookup definition Purpose
lookup_sfdc_user_agent_scripted The lookup is used to enrich the Salesforce events coming from Event Log File.

Maps the USER_AGENT which is a number to human readable http_user_agent.

Lookup lookup_sfdc_user_agent.csv has been removed starting in version 4.1.0 of the Splunk Add-on for Salesforce.

Last modified on 29 January, 2024
Troubleshoot the Splunk Add-on for Salesforce  

This documentation applies to the following versions of Splunk® Supported Add-ons: released, released


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters