Hi Elias Haddad
We are trying to get Salesforce & Splunk integration working using the Splunk App for Salesforce developed by you.
Followed all the pre-requisites but still not able to pull any data & gone through all the FAQs. Any insights would be greatly appreciated.
Thanks,
Ravi C
did you check the troubleshooting section of the doc?
Hi Elias, Sorry to bother you but any help to resolve this will be really appreciated. We are planning to implement this in prod ASAP.
Hi Elias, Since there is no documentation available on the internet to resolve these issues except the one you created. Its really hard to get this working without the support from your end. Appreciate if you could point us in right direction.
Did anyone successfully installed & configured this app ? If yes pls share your experiences.
I was able to install and had the Splunk App for Salesforce work in my local instance. In the setup, I just provided our dev SF instance w/o the https://, the security token w/o the quotes and other credentials as is, user name and password. I followed the Details on enabling the data inputs and validating data. As long as you can get into the workbench and query tables, you should be able to connect to SF and get data.
yes & I have used https://test.salesforce.com/ in SFDC host name.
Is there anything else that I need to check Elias ?
did you run the setup and whats the url you input in the setup?
searching with index=sfdc is giving me No results found message.
While with second query I am getting below errors though I am using end point as "https://test.salesforce.com/" :
2017-04-04 17:09:44,948 ERROR 140074034743040 - Failed to send rest request=https://127.0.0.1:8089/servicesNS/nobody/splunk-app-sfdc/storage/passwords/https%5C%3A%252F%252Ftest.salesforce.com%252F%3Adummy%3A, errcode=404, reason=Requested endpoint does not exist.
host = xxxx.com
source = /apps/splunk/var/log/splunk/ta_util_rest.log
sourcetype = ta_util_conf-2
4/4/17 11:39:04.978 PM
10.94.194.224 - admin [04/Apr/2017:14:09:04.978 -0400] "GET /en-US/splunkd/__raw/services/search/shelper?output_mode=json&snippet=true&snippetEmbedJS=false&namespace=splunk-app-sfdc&search=search+index%3D_internal+error+sfdc&useTypeahead=true&useAssistant=false&showCommandHelp=true&showCommandHistory=true&showFieldInfo=false&_=1491327593898 HTTP/1.1" 200 6365 "https://xxxx.com:8000/en-US/app/splunk-app-sfdc/search" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" - 6a0a95178dd2a5e39c4218bd08786f6f 149ms
host = xxxx.com
source = /apps/splunk/var/log/splunk/splunkd_ui_access.log
sourcetype = splunkd_ui_access
4/4/1711:38:49.412 PM 2017-04-04 14:08:49,412 ERROR 140223494326016 - Failed to send rest request=https://127.0.0.1:8089/servicesNS/nobody/splunk/configs/conf-sfdc/sfdc_account, errcode=404, reason=Requested endpoint does not exist.
host = xxxx.com
source = /apps/splunk/var/log/splunk/ta_util_rest.log
sourcetype = ta_util_conf-2
by Troubleshooting sec you mean by FAQ right ?
Yes.
What do you get when you type index=sfdc
Or when you search for:
index=_internal error sfdc
Is there any way to find out if the calls are going to SF since we can get the event monitoring data using the Python code directly.
Appreciate your help.
Yes.. I did