All Apps and Add-ons

Splunk App for Salesforce: How to configure multiple accounts for different organizations?


Hi, i have to collect logs from multiple org with different accounts in my Splunk Enterprise Infrastructure. Is there a way to configure the Splunk App for Salesforce with multiple accounts/org, or do i have to install different apps (one for every org)?

Thank you


Did you find a way to configure the Salesforce app with multiple accounts?

0 Karma


If I understand your question... You're interested in knowing how to have a different splunk_ta_windows for each org so each org can have its own settings for example.

This is an interesting question because some of these TAs feed into larger apps such as the Splunk app for windows infrastructure.

Typically in your situation I would recommend different search heads for each organization and if there are any regulatory issues that might be faced based on one org possibly having access to another orgs data, I would recommend completely separate environments.

However, if you're a conglomerate, and you want 10 of your different brands / divisions using splunk for example, but they each have their own active directory/ ldap domains / infrastructure, then i would just create an app for each of them like below:


For each I would create their own roles and ldap strategies in different apps like below:


Same with indexes, and pretty much everything else.

However in most cases like this, I think you will find its still best to have separate infrastructure altogether. We know management loves the idea of "Multitenant" to save costs, but unless you have a seriously strong "big data" focused architecture team, you'll probably fail at engineering this pipe dream.

0 Karma

Esteemed Legend

Hi splunk_cv,
if you need to grant administrative privileges to the two organization's persons, the best way is to have different Splunk instances for each organization.

If instead they are only users and you maintain the administrative privileges, you can both install different Apps for each of them or use the same App but every way with different Indexes, because Splunk access rights to data is given at Index level so you have to create different Indexes for each organization and (if you use the same App) address all the indexes in your App using an eventtype (e.g.: index=index1 OR index=index2) instead the classical index =myindex.


0 Karma
Get Updates on the Splunk Community!

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Reimagine what you can do with your dashboards. Dashboard Studio is Splunk’s newest dashboard builder to ...

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...