All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk App for Salesforce Eventlog limiter for query start date: What is the time format for limiting events?

bandit
Motivator
‎02-09-2016 09:38 AM

Under Settings » Data inputs » Salesforce Event Log » EventLog

Get event log data from Salesforce.com.
Query Start Date:The initial date/time to use for the first query. If nothing is specified, the query will default to starting 90 days prior the date of the first run.

I tried the following to ignore Eventlog events earlier than 2/1/16, however it still receive events prior to that date.
2016-02-01T00:00:00.000Z
and
1454284800000 (epoch time for Mon, 01 Feb 2016 00:00:00 GMT)

0 Karma
Reply

kaydub00
Explorer
‎02-07-2019 11:29 AM

Just want to point out, the correct format is only accepted with a lowercase z.

2016-02-01T00:00:00.000z

0 Karma
Reply

bandit
Motivator
‎02-10-2016 04:29 PM

This appears to be the correct format. 2016-02-01T00:00:00.000Z

The issue was that the constraint is only honored for a new input setup . Changes are ignored if you edit after the setup. Workaround was to clone the input, add the constraint and to disable the old input.

0 Karma
Reply
Get Updates on the Splunk Community!

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

Observability Newsletter Highlights | March 2023

 March 2023 | Check out the latest and greatestSplunk APM's New Tag Filter ExperienceSplunk APM has updated ...

Security Newsletter Updates | March 2023

 March 2023 | Check out the latest and greatestUnify Your Security Operations with Splunk Mission Control The ...