Enable saved search for the Splunk Add-on for Salesforce
The Splunk Add-on for Salesforce includes a preconfigured lookup generation saved search that you can enable on your search heads. You need to configure Salesforce object User inputs in order to collect the data. After the data has been indexed by the Splunk platform, manually run the saved search in order to populate the lookup file then set a frequency to run it that matches the frequency of configuration changes in your environment.
|Saved search name||Description|
|Lookup - USER_ID to USER_NAME||Generates the |
You can review and enable the saved search either in Splunk Web or in the configuration files.
Access and enable saved search in Splunk Web
To access and enable the saved search in Splunk Web:
- Go to Settings > Searches, reports, and alerts.
- Set the app context to Splunk Add-on for Salesforce.
- Click Enable next to Lookup - USER_ID to USER_NAME .
Access and enable saved search in
To access and enable the saved search in the configuration files complete the following steps:
- Go to
- Copy the file to
- In the local copy, change
disabled = 1to
disabled = 0.
Configure event log inputs for Splunk add-on for Salesforce
Troubleshoot the Splunk Add-on for Salesforce
This documentation applies to the following versions of Splunk® Supported Add-ons: released, released