Splunk® Supported Add-ons

Splunk Add-on for Salesforce

Acrobat logo Download manual as PDF

Acrobat logo Download topic as PDF

Release history for the Splunk Add-on for Salesforce

The latest release of the Splunk Add-on for Salesforce is version 4.0.2. See the release notes for more information.

To upgrade to the latest version of the Splunk Add-on for Salesforce, see the Upgrade topic of this manual.

Version 4.0.1

Version 4.0.1 of the Splunk Add-on for Salesforce was released on June 30, 2020.

Compatibility

Version 4.0.1 of the Splunk Add-on for Salesforce is compatible with the following software, CIM version, and platforms:

Splunk platform versions 7.1.x, 7.2.x, 7.3.x, 8.0
CIM 4.15
Platforms Platform independent
Vendor Products Salesforce API versions 42.0 to 48.0

Upgrade

To upgrade to version 4.0.1 of the Splunk Add-on for Salesforce, see the Upgrade topic of this manual.

New features

Version 4.0.1 of the Splunk Add-on for Salesforce provides the following new features:

  • Enhanced python library structure.

See Choose your Splunk Enterprise upgrade path for the Python 3 migration to learn more about migrating your deployment to Python3.

Fixed issues

Version 4.0.1 of the Splunk Add-on for Salesforce fixes the following (if any) issues:

Date resolved Issue number Description
2020-07-10 ADDON-26828 Addons unable to load UI or collect data on Splunk 8.0.4, 8.0.2004 and Splunk 8.0.5
2020-07-10 ADDON-26892, ADDON-26889 Fix UI and Data collection of Addon on Splunk 8.0.4 and 8.0.2004

Known issues

Version 4.0.1 of the Splunk Add-on for Salesforce has the following known issues. If no issues appear below, no issues have yet been reported:


Date filed Issue number Description
2020-09-11 ADDON-29287 Input UI hangs when the Account in Used is deleted
2020-09-04 ADDON-29125 Inconsistent kv extraction due to extra quotes present in Salesforce event log csv
2020-02-19 ADDON-25333 Behavior changes observed for some fields in different Product Version for sourcetype="sfdc:logfile"
2020-02-04 ADDON-25183, ADDON-25885 Addons UI is not compatible with Splunk 7.3.3 and Splunk 7.3.4

Workaround:
Customer can switch to any other Splunk version compatible with all their apps and add-ons.
2017-05-16 ADDON-14793 User cannot delete the default inputs in this add-on.
2017-04-25 ADDON-14623 The data collection is slow and/or possible data loss when user add multiple inputs through inputs.conf.

Workaround:
Splunk recommends user to configure inputs via Splunk web, instead of configuring them via inputs.conf.

If user needs to configure them in inputs.conf, do the following: 1. Set "disabled = 1" of inputs.conf under default folder $SPLUNK_HOME/etc/apps/Splunk_TA_salesforce/default/inputs.conf.
2. Restart splunk.
3. Configure the inputs under local folder $SPLUNK_HOME/etc/apps/Splunk_TA_salesforce/local/inputs.conf.
4. Go to the inputs page of this add-on to load the inputs you just configured.
5. After loading all the inputs, go to the default folder again and set "disabled = 0"
6. Restart splunk

2017-04-16 ADDON-14545 User cannot upgrade this add-on on Windows

Workaround:
Disable this add-on in Splunk settings before upgrading. Then enable it after upgrade is finished.

Third-party software attributions

Version 4.0.1 of the Splunk Add-on for Salesforce incorporates the following third-party software libraries:

Version 4.0.0

Version 4.0.0 of the Splunk Add-on for Salesforce was released on April 2, 2020.

Compatibility

Version 4.0.0 of the Splunk Add-on for Salesforce is compatible with the following software, CIM version, and platforms:

Splunk platform versions 7.1.x, 7.2.x, 7.3.x, 8.0
CIM 4.15
Platforms Platform independent
Vendor Products Salesforce API versions 42.0 to 48.0

Upgrade

To upgrade to version 4.0.0 of the Splunk Add-on for Salesforce, see the Upgrade topic of this manual.

New features

Version 4.0.0 of the Splunk Add-on for Salesforce provides the following new features:

  • Support for Salesforce API versions 42.0 to 48.0.
  • Support for descending sorting order of queries.
  • Support for hourly EventLogFile ingestion.
  • OAuth access token is automatically updated if it expires during data collection

See Choose your Splunk Enterprise upgrade path for the Python 3 migration to learn more about migrating your deployment to Python3.

Fixed issues

Version 4.0.0 of the Splunk Add-on for Salesforce fixes the following (if any) issues:

Date resolved Issue number Description
2020-02-05 ADDON-19328, ADDON-19215 Basic account credentials are not validated at the time of account configuration

Known issues

Version 4.0.0 of the Splunk Add-on for Salesforce has the following known issues. If no issues appear below, no issues have yet been reported:


Date filed Issue number Description
2020-09-11 ADDON-29287 Input UI hangs when the Account in Used is deleted
2020-09-04 ADDON-29125 Inconsistent kv extraction due to extra quotes present in Salesforce event log csv
2020-06-01 ADDON-26892, ADDON-26889 Fix UI and Data collection of Addon on Splunk 8.0.4 and 8.0.2004
2020-05-29 ADDON-26859 Data collection stops with RelativeURIError
2020-05-26 ADDON-26828 Addons unable to load UI or collect data on Splunk 8.0.4, 8.0.2004 and Splunk 8.0.5

Workaround:
As a manual workaround, the "import html" statement on Line 16 of splunk/lib/python3.7/site-packages/splunk/util.py file could be commented out, which does not require Splunk restart to take affect.
2020-02-19 ADDON-25333 Behavior changes observed for some fields in different Product Version for sourcetype="sfdc:logfile"
2020-02-04 ADDON-25183, ADDON-25885 Addons UI is not compatible with Splunk 7.3.3 and Splunk 7.3.4

Workaround:
Customer can switch to any other Splunk version compatible with all their apps and add-ons.
2017-05-16 ADDON-14793 User cannot delete the default inputs in this add-on.
2017-04-25 ADDON-14623 The data collection is slow and/or possible data loss when user add multiple inputs through inputs.conf.

Workaround:
Splunk recommends user to configure inputs via Splunk web, instead of configuring them via inputs.conf.

If user needs to configure them in inputs.conf, do the following: 1. Set "disabled = 1" of inputs.conf under default folder $SPLUNK_HOME/etc/apps/Splunk_TA_salesforce/default/inputs.conf.
2. Restart splunk.
3. Configure the inputs under local folder $SPLUNK_HOME/etc/apps/Splunk_TA_salesforce/local/inputs.conf.
4. Go to the inputs page of this add-on to load the inputs you just configured.
5. After loading all the inputs, go to the default folder again and set "disabled = 0"
6. Restart splunk

2017-04-16 ADDON-14545 User cannot upgrade this add-on on Windows

Workaround:
Disable this add-on in Splunk settings before upgrading. Then enable it after upgrade is finished.

Third-party software attributions

Version 4.0.0 of the Splunk Add-on for Salesforce incorporates the following third-party software libraries:


Version 3.0.0

Version 3.0 of the Splunk Add-on for Salesforce was released on October 21, 2019.

Compatibility

Version 3.0 of the Splunk Add-on for Salesforce is compatible with the following software, CIM version, and platforms:

Splunk platform versions 6.6.x, 7.0.x, 7.1.x, 7.2.x, 8.0
CIM 4.11
Platforms Platform independent
Vendor Products Salesforce API version 42.0

Upgrade

To upgrade to version 3.0 of the Splunk Add-on for Salesforce, see the Upgrade topic of this manual.

New features

Version 3.0 of the Splunk Add-on for Salesforce provides the following new features:

  • Support for Python 3

See Choose your Splunk Enterprise upgrade path for the Python 3 migration to learn more about migrating your deployment to Python3.

Fixed issues

Version 3.0 of the Splunk Add-on for Salesforce fixes the following (if any) issues:

Date resolved Issue number Description
2019-09-11 ADDON-20992, ADDON-20295 Fix issue: modinput throws exception for NULL value
2019-02-19 ADDON-20114 Few inputs do not consume data after upgrading sfdc addon from 1.0 to 2.0

Known issues

Version 3.0 of the Splunk Add-on for Salesforce has the following known issues. If no issues appear below, no issues have yet been reported:


Date filed Issue number Description
2020-02-19 ADDON-25333 Behavior changes observed for some fields in different Product Version for sourcetype="sfdc:logfile"
2020-02-04 ADDON-25183, ADDON-25885 Addons UI is not compatible with Splunk 7.3.3 and Splunk 7.3.4

Workaround:
Customer can switch to any other Splunk version compatible with all their apps and add-ons.
2018-09-05 ADDON-19328, ADDON-19215 Basic account credentials are not validated at the time of account configuration
2017-05-16 ADDON-14793 User cannot delete the default inputs in this add-on.
2017-04-25 ADDON-14623 The data collection is slow and/or possible data loss when user add multiple inputs through inputs.conf.

Workaround:
Splunk recommends user to configure inputs via Splunk web, instead of configuring them via inputs.conf.

If user needs to configure them in inputs.conf, do the following: 1. Set "disabled = 1" of inputs.conf under default folder $SPLUNK_HOME/etc/apps/Splunk_TA_salesforce/default/inputs.conf.
2. Restart splunk.
3. Configure the inputs under local folder $SPLUNK_HOME/etc/apps/Splunk_TA_salesforce/local/inputs.conf.
4. Go to the inputs page of this add-on to load the inputs you just configured.
5. After loading all the inputs, go to the default folder again and set "disabled = 0"
6. Restart splunk

2017-04-17 ADDON-14557 Possible data loss when modular input exits (Restart Splunk, disable input) during data collection
2017-04-16 ADDON-14545 User cannot upgrade this add-on on Windows

Workaround:
Disable this add-on in Splunk settings before upgrading. Then enable it after upgrade is finished.

Third-party software attributions

Version 3.0 of the Splunk Add-on for Salesforce incorporates the following third-party software libraries:


Version 2.0.0

Version 2.0.0 of the Splunk Add-on for Salesforce was released on October 11, 2018.

The Splunk Add-on for Salesforce version 2.0.0 introduces breaking changes. If you are upgrading from an earlier version of the Splunk Add-on for Salesforce, you must follow the steps outlined in Upgrade the Splunk Add-on for Salesforce to prevent data loss.

Compatibility

Version 2.0.0 of the Splunk Add-on for Salesforce is compatible with the following software, CIM version, and platforms:

Splunk platform versions 6.6.x, 7.0.x, 7.1.x, 7.2.x
CIM 4.11
Platforms Platform independent
Vendor Products Salesforce API version 42.0

Upgrade

To upgrade to version 2.0.0 of the Splunk Add-on for Salesforce, see the Upgrade topic of this manual.

Change in source names in version 2.0.0

Version 2.0.0 of the Splunk Add-on for Salesforce supports multiple accounts or custom endpoints. Therefore, there is a new field in version 2.0.0 called UserAccountId. Also, in version 2.0.0, the account and input names appear in source names. For example, the source name that was sfdc_object://LoginHistory in previous versions is sfdc_object://LoginHistory_accountname_inputname in version 2.0.0.

New features

Version 2.0.0 of the Splunk Add-on for Salesforce provides the following new features:

  • Support for Salesforce API version 42.0
  • Support for multiple accounts
  • Support for custom endpoints
  • Escaping of ampersands in the password
  • Support for OAuth 2.0 authorization
  • Provides default support for sfdc:contentversion.

Fixed issues

Version 2.0.0 of the Splunk Add-on for Salesforce fixes the following issues:

Date resolved Issue number Description
2018-05-21 ADDON-14633 This add-on does not support user to update "Query Start Date" field once it's been configured.
2018-05-17 ADDON-15807 Splunk_TA_salesforce crashes while trying do ingest large log files
2018-05-14 ADDON-16577 Customer is experiencing authentication issues with Splunk Add-on for Salesforce

Known issues

Version 2.0.0 of the Splunk Add-on for Salesforce has the following known issues. If no issues appear below, no issues have yet been reported:


Date filed Issue number Description
2020-08-31 ADDON-29058 Data collection stops while using DESC on the Order By clause
2018-10-30 ADDON-20114 Few inputs do not consume data after upgrading sfdc addon from 1.0 to 2.0
2018-09-05 ADDON-19328, ADDON-19215 Basic account credentials are not validated at the time of account configuration
2017-05-16 ADDON-14793 User cannot delete the default inputs in this add-on.
2017-04-25 ADDON-14623 The data collection is slow and/or possible data loss when user add multiple inputs through inputs.conf.

Workaround:
Splunk recommends user to configure inputs via Splunk web, instead of configuring them via inputs.conf.

If user needs to configure them in inputs.conf, do the following: 1. Set "disabled = 1" of inputs.conf under default folder $SPLUNK_HOME/etc/apps/Splunk_TA_salesforce/default/inputs.conf.
2. Restart splunk.
3. Configure the inputs under local folder $SPLUNK_HOME/etc/apps/Splunk_TA_salesforce/local/inputs.conf.
4. Go to the inputs page of this add-on to load the inputs you just configured.
5. After loading all the inputs, go to the default folder again and set "disabled = 0"
6. Restart splunk

2017-04-17 ADDON-14557 Possible data loss when modular input exits (Restart Splunk, disable input) during data collection
2017-04-16 ADDON-14545 User cannot upgrade this add-on on Windows

Workaround:
Disable this add-on in Splunk settings before upgrading. Then enable it after upgrade is finished.
Last modified on 13 October, 2020
PREVIOUS
Release notes for the Splunk Add-on for Salesforce
  NEXT
Hardware and software requirements for the Splunk Add-on for Salesforce

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters