All Apps and Add-ons

Can the SetupAuditTrail object be used as an input in the Splunk Add-on for Salesforce?

bullcitydave
Engager

I would like to add the SetupAuditTrail object as an input in the Splunk Add-on for Salesforce, but I have been unsuccessful, compared to other objects like LoginHistory, which is pulling fine. Is there a limitation or something I am doing incorrect in my input configuration?

Not Getting Pulled
SetupAuditTrail Input

Getting Pulled
LoginHistory input

Tags (1)

AarthiRamesh
Engager

Did you get the SetUpAuditTrail logs to Splunk? I am facing the same issue

0 Karma

guarisma
Contributor

Hello,

Your Object Fields and Order By fields are wrong, check this Question

Object Fields should be = Id,Action,Section,CreatedDate,CreatedById,Display,DelegateUser,ResponsibleNamespacePrefix
Orther By field should be = CreatedDate

But then I discovered that it's pulling the first 90 days of events and then it stops, I think there's a bug in the code since the logs seems to be trying to pool from the checkpoint but never finds anything new anymore.

0 Karma

deepashri_123
Motivator

@bullcitydave,

May be try reducing the interval,Since its 7200 the data will be available after 2hrs. Try reducing interval for testing and once confirmed set back to normal.

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...