All Apps and Add-ons

Error 400 when ingesting CronTrigger, CronJobDetail from Salesforce

arist0telis
Explorer

Full disclosure, I'm a Salesforce guy rather than a Splunk guy. I'm working with my internal Splunk team to try and ingest my CronTrigger and CronJobDetail objects from my org so I can monitor for some job hang statuses, or when developers make jobs with hard end dates.

The Splunk team is getting a 400 error on these objects, and their queries look okay to me. I did find a separate article in here about setting intervals for date predicates (https://community.splunk.com/t5/All-Apps-and-Add-ons/Salesforce-object-response-status-400/m-p/44400...) and I've passed that on to them to investigate. I've also suggested they try ingesting a single field from each object and see if they can get anything back.

In the meantime, has anybody here ingested these two objects into Splunk? Most of what I'm finding on Google is that a 400 message is a bad query, but can't this error also be thrown if the integration user doesn't have object access? If so I may be at an impasse since these are system objects, not standard or custom. Salesforce has these locked down so tight that even with my level of access I can't view the basic system properties to these, not that I'd be interested in messing with access around them.

Labels (2)
0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

This is the third post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...