Splunk® Supported Add-ons

Splunk Add-on for Salesforce

Set up the Splunk Add-on for Salesforce

The Splunk Add-on for Salesforce provides two ways for authenticating accounts: basic authentication, and OAuth 2.0 authentication.

For basic authentication, you can configure the Splunk Add-on for Salesforce either through Splunk Web or by making changes directly in configuration files. Due to the complexity of the setup, configuring the add-on through Splunk Web is a best practice. For OAuth, you must configure the add-on through Splunk Web.

Set up basic authentication using Splunk Web

To set up the Splunk Add-on for Salesforce using Splunk Web, complete the following steps:

  1. Go to the Splunk Add-on for Salesforce either by clicking the name of this add-on on the left navigation banner on the Splunk Web home page or by going to Manage Apps, then clicking Launch App in the row for the Splunk Add-on for Salesforce.
  2. Click the Configuration tab to set up Salesforce credentials, as well as an optional proxy and logging level.
  3. Go to the Account tab.
  4. Click Add.
  5. Add a unique Account Name.
  6. Select a Salesforce environment value: Production, Sandbox, or Other. Other is for adding a custom endpoint that is different than the default endpoint. Here is an example: my-dev-ed.my.salesforce.com.
  7. Select the Salesforce API Version to configure your account with. Default API Version is 60.0.
  8. Select Basic Authentication for the Auth Type.
  9. Enter your Salesforce Username, Password, and Security Token. You do not need to add a token if your instance is in the trusted IP range.

Security token is used in combination with a password to access Salesforce through the API. The purpose of this token is to improve the security between Salesforce users and Salesforce.com. Please refer to this document for more information on Security token.

Set up OAuth authentication using Splunk Web

  1. Go to the Splunk Add-on for Salesforce either by clicking the name of this add-on on the left navigation banner on the Splunk Web home page or by going to Manage Apps, then clicking Launch App in the row for the Splunk Add-on for Salesforce. See Set up OAuth App in the Salesforce in this manual for more information.
  2. Click the Configuration tab to set up Salesforce credentials, as well as an optional proxy and logging level.
  3. Go to the Account tab.
  4. Click Add.
  5. Add a unique Account Name.
  6. Select a Salesforce environment value: Production, Sandbox, or Other. Other is for adding a custom endpoint that is different than the default endpoint. Here is an example: my-dev-ed.my.salesforce.com.
  7. Select the Salesforce API Version to configure your account with. Default API Version is 60.0.
  8. Select OAuth 2.0 Authentication as the Auth Type.
  9. Enter your Salesforce Client Id and Client Secret. The Client ID is called "Consumer Key" in your Salesforce managed app. Client Secret is called "Consumer Secret" in your Salesforce managed app.
  10. Copy and paste the Redirect URL you see on the screen in your Salesforce instance. After pasting it, it can take about 10 minutes for the changes to take effect.
  11. Click Add.
  12. A popup opens for authorization consent from your Salesforce instance. Enter your authorization credentials.
  13. Click Grant access.
  14. (Optional) To configure multiple accounts, in the Splunk Add-on for Salesforce, make sure that you are logged in to the Salesforce account that you want to configure. To verify which account you have logged-in in the Salesforce for the same browser, perform the following steps:
    1. In a compatible web browser, navigate to your Salesforce account, and log out of your account.
    2. In the same browser, navigate to your Splunk platform instance, and open Splunk Web.
    3. In Splunk Web, navigate to the Splunk Add-on for Salesforce, and click on the Configuration page.
    4. Enter the client ID and client secret of your Salesforce account.
    5. Click the "Save" button. A pop up will ask to log in into the Salesforce account.
    6. Enter the credentials of your Salesforce account.
    7. Click Grant Access.
    8. Once the save is successful, navigate to your Salesforce account, and repeat the process to configure any additional Salesforce accounts.

Splunk add-on for Salesforce uses '''Authorization code flow''' when add-on is configured to use '''OAuth 2.0 Authentication'''.

Set up a proxy and logging level

If you are using a proxy, provide the following information on the Configuration tab:

  1. Check Enable Proxy.
  2. Specify the Host, Port, Username, and Password values.
  3. Check the DNS resolution box if you want to perform DNS resolution through your proxy.
  4. Select the type of proxy to use in the Proxy Type field.
  5. If you want to change the Logging level, select a new one.
  6. Click Save.

Checkpoint management

If the Splunk Add-on for Splunkbase versions 2.0.0 and above find an existing checkpoint for a given input, a Use existing data input prompt appears. If you select Yes, then the add-on continues collecting data from that checkpoint. If you select No, then the add-on resets data collection, and data collection commences from your specified query start date. If you select No and there is not a specified start date, data collection commences from the default start date.

Set up basic authentication using configuration files

You can configure your add-on by providing the settings in the local splunk_ta_salesforce_settings.conf and splunk_ta_salesforce_account.conf file.

  • splunk_ta_salesforce_settings.conf includes the proxy settings, logging level settings of the Splunk add-on for Salesforce.
  • splunk_ta_salesforce_account.conf includes Salesforce account settings of the Splunk add-on for Salesforce.

To configure the Splunk Add-on for Salesforce using configuration files, complete the following steps:

  1. Create a file named splunk_ta_salesforce_settings.conf in the local folder of the add-on $SPLUNK_HOME/etc/apps/Splunk_TA_salesforce/local .
  2. Copy the following stanzas and provide the necessary values in the local splunk_ta_salesforce_settings.conf file:
    [proxy]
    proxy_enabled =  [0|1]
    proxy_type = [http|socks5]
    proxy_url = <string>
    proxy_port = <integer>
    proxy_username = <string>
    proxy_password = <string>
    proxy_rdns = [0|1]
    
    [logging]
    loglevel = [DEBUG|INFO|WARNING|ERROR|CRITICAL] 
    
  3. Create a file named splunk_ta_salesforce_account.conf in the local folder of the add-on $SPLUNK_HOME/etc/apps/Splunk_TA_salesforce/local .
  4. '
  5. Copy the following stanza and provide the necessary values in the local splunk_ta_salesforce_account.conf file:
    [account_name] // The account name you create in this add-on
    endpoint = <string> // URL of the Salesforce endpoint without http or https scheme. For example, my-dev-ed.my.salesforce.com
    auth_type = basic
    username = <string> // The Salesforce username you want to use
    password = <string> // The password of the Salesforce username
    token = <string> // (Optional) The security token is needed if your Splunk instance is outside the Salesforce trusted IP range
    sfdc_api_version = <number> // Salesforce API version (42.0, 43.0, 44.0, 45.0, 46.0, 47.0, 48.0, 49.0, 50.0, 51.0, 52.0, 53.0, 54.0, 55.0, 56.0, 57.0, 58.0, 59.0, 60.0)
    


  6. After updating the local splunk_ta_salesforce_settings.conf, restart the Splunk platform for the changes to take effect. The username and password are encrypted after you configure the Salesforce input for the first time.

Add SSL certificate to trust lists

If you encounter a SSLHandshakeError:

  • The SSL certificate entry might be missing from your certificate store.
  • The Salesforce server is configured over a self-signed certificate and isn't present in the library's certificate store. Follow the below steps to resolve the issue:
  1. Download the root CA certificate used in your Salesforce deployment.
  2. Copy the contents of the new certificate.
  3. Navigate to $SPLUNK_HOME/etc/apps/Splunk_TA_salesforce.
  4. Create a new <certs_file>.pem file and add the content of the new certificate. Append the new certificate content if the file is already present.
  5. Open the local/splunk_ta_salesforce_settings.conf file in a text editor, create a new one if not present.
  6. Add the ca_certs_path parameter value as below:
  7. [general]
    ca_certs_path=/opt/splunk/etc/apps/Splunk_TA_salesforce/custom_ca_certs.pem # <absolute path to the <certs_file>.pem file>
    
  8. Save your changes.
  9. Restart your Splunk instance.

A certificate of all the Salesforce servers configured in this add-on must be present under the & lt;certs_file & gt;.pem file if the ca_certs_path parameter is being used, which is mentioned in the above steps.

Last modified on 14 October, 2024
Configure your Salesforce account to collect data   Configure Salesforce object inputs for the Splunk add-on for Salesforce

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters