Splunk® Supported Add-ons

Splunk Add-on for Salesforce

Download manual as PDF

Download topic as PDF

Release notes for the Splunk add-on for Salesforce

Version 2.0.0 of the Splunk Add-on for Salesforce was released on October 11, 2018.

The Splunk Add-on for Salesforce version 2.0.0 introduces breaking changes. If you are upgrading from an earlier version of the Splunk Add-on for Salesforce, you must follow the steps outlined in Upgrade the Splunk Add-on for Salesforce to prevent data loss.


Version 2.0.0 of the Splunk Add-on for Salesforce is compatible with the following software, CIM version, and platforms:

Splunk platform versions 6.6.x, 7.0.x, 7.1.x, 7.2.x
CIM 4.11
Platforms Platform independent
Vendor Products Salesforce API version 42.0


To upgrade to version 2.0.0 of the Splunk Add-on for Salesforce, see the Upgrade topic of this manual.

Change in source names in version 2.0.0

Version 2.0.0 of the Splunk Add-on for Salesforce supports multiple accounts or custom endpoints. Therefore, there is a new field in version 2.0.0 called UserAccountId. Also, in version 2.0.0, the account and input names appear in source names. For example, the source name that was sfdc_object://LoginHistory in previous versions is sfdc_object://LoginHistory_accountname_inputname in version 2.0.0.

New features

Version 2.0.0 of the Splunk Add-on for Salesforce provides the following new features:

  • Support for Salesforce API version 42.0
  • Support for multiple accounts
  • Support for custom endpoints
  • Escaping of ampersands in the password
  • Support for OAuth 2.0 authorization
  • Provides default support for sfdc:contentversion.

Fixed issues

Version 2.0.0 of the Splunk Add-on for Salesforce fixes the following issues:

Date resolved Issue number Description
2018-05-21 ADDON-14633 This add-on does not support user to update "Query Start Date" field once it's been configured.
2018-05-17 ADDON-15807 Splunk_TA_salesforce crashes while trying do ingest large log files
2018-05-14 ADDON-16577 Customer is experiencing authentication issues with Splunk Add-on for Salesforce

Known issues

Version 2.0.0 of the Splunk Add-on for Salesforce has the following known issues. If no issues appear below, no issues have yet been reported:

Date filed Issue number Description
2018-10-30 ADDON-20114 Few inputs do not consume data after upgrading sfdc addon from 1.0 to 2.0
2018-09-05 ADDON-19328, ADDON-19215 Basic account credentials are not validated at the time of account configuration
2017-05-16 ADDON-14793 User cannot delete the default inputs in this add-on.
2017-04-25 ADDON-14623 The data collection is slow and/or possible data loss when user add multiple inputs through inputs.conf.

Splunk recommends user to configure inputs via Splunk web, instead of configuring them via inputs.conf.

If user needs to configure them in inputs.conf, do the following: 1. Set "disabled = 1" of inputs.conf under default folder $SPLUNK_HOME/etc/apps/Splunk_TA_salesforce/default/inputs.conf.
2. Restart splunk.
3. Configure the inputs under local folder $SPLUNK_HOME/etc/apps/Splunk_TA_salesforce/local/inputs.conf.
4. Go to the inputs page of this add-on to load the inputs you just configured.
5. After loading all the inputs, go to the default folder again and set "disabled = 0"
6. Restart splunk

2017-04-17 ADDON-14557 Possible data loss when modular input exits (Restart Splunk, disable input) during data collection
2017-04-16 ADDON-14545 User cannot upgrade this add-on on Windows

Disable this add-on in Splunk settings before upgrading. Then enable it after upgrade is finished.
Source types for the Splunk add-on for Salesforce
Hardware and software requirements for the Splunk Add-on for Salesforce

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters