All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk add-on for Salesforce - oAuth

ADRIANODL
Explorer
‎02-19-2019 05:52 PM

Hi folks,

I just set up an oAuth authentication for the integration between Splunk and our SF instance. Everything seems normal, but events are not being received, and when I check Splunk internal errors, I get the following message:

Salesforce refresh_token is not
configured for account "xyz". Add-on
is going to exit.

Does anybody know where I can config such refresh_token? The UI does not show anything like that.

Cheers,

0 Karma
Reply

bhargavnariyani
Path Finder
‎07-22-2019 11:57 PM

Hi @ADRIANODL ,

The refresh_token doesn't gets saved in conf file because you may have missed this permission in Salesforce Connected App. Adding this in Salesforce would have the refresh_token in response and thus it will get saved in conf file and thus resolve this error in the end.

Reference Screenshot:-
alt text

Preview file
1 KB
Reply

ehenriksen_splu
Splunk Employee
Splunk Employee
‎02-19-2019 07:58 PM

Taking a look at the set-up for the Salesforce app, you'll need to outline that token in splunk_ta_salesforce_account.conf. In the conf file, you'll need to create a new stanza for the account name and add the token there. See example:

[account_name] // The account name you create in this add-on
endpoint = // URL of the Salesforce endpoint
auth_type = basic
username = // The Salesforce username you want to use
password = // The password of the Salesforce username
token = // (Optional) The security token is needed if your Splunk instance is

Please reference https://docs.splunk.com/Documentation/AddOns/released/Salesforce/Setupv2#Set_up_basic_authentication... for where to input your refresh_token.

If you are looking for your refresh token in salesforce, I'd recommend starting here: https://help.salesforce.com/articleView?id=remoteaccess_oauth_refresh_token_flow.htm&type=5. I'm admittedly less familiar with salesforce oauth, but it appears other users were able to recover the refresh token with a few queries to auth. (see responses to this post: https://developer.salesforce.com/forums/?id=906F0000000AgInIAK)

0 Karma
Reply

ADRIANODL
Explorer
‎02-21-2019 03:29 PM

Thanks for your response @ehenriksen, however we're using Splunk Cloud. I'm not able to edit config files myself.
Does that mean I have to raise a ticket with the splunk support team? Or is there any other way to get this done?

Cheers,

Reply
Get Updates on the Splunk Community!

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

We’re excited to announce a new Splunk certification exam being released at .conf23! If you’re going to Las ...

Starting With Observability: OpenTelemetry Best Practices

Tech Talk Starting With Observability: OpenTelemetry Best Practices Tuesday, October 17, 2023   |  11AM PST / ...

Streamline Data Ingestion With Deployment Server Essentials

REGISTER NOW! Every day the list of sources Admins are responsible for gets bigger and bigger, often making ...