Splunk® Supported Add-ons

Splunk Add-on for Salesforce

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Source types for the Splunk Add-on for Salesforce

The Splunk Add-on for Salesforce provides the index-time and search-time knowledge for Salesforce event log file data and Salesforce object queries in the following formats.


Source type Description CIM data models
sfdc:logfile Salesforce event log data. Web, Change, Authentication
sfdc:<object_name> Enter the object name you want to get data from in the <object_name> field. You can either get data from a Salesforce standard object or a customized object.

For example, search for sourcetype=sfdc:LoginHistory to get the data of the login history for all successful and failed login attempts for organizations and enabled portals.
Version 2.0.0 provides default support for sfdc:contentversion.

sourcetype=sfdc:LoginHistory is mapped to Authentication.
Last modified on 29 January, 2024
PREVIOUS
Splunk Add-on for Salesforce
  NEXT
Release notes for the Splunk Add-on for Salesforce

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters