All Apps and Add-ons

Splunk add-on for Salesforce - oAuth

ADRIANODL
Explorer

Hi folks,

I just set up an oAuth authentication for the integration between Splunk and our SF instance. Everything seems normal, but events are not being received, and when I check Splunk internal errors, I get the following message:

Salesforce refresh_token is not
configured for account "xyz". Add-on
is going to exit.

Does anybody know where I can config such refresh_token? The UI does not show anything like that.

Cheers,

0 Karma

bhargavnariyani
Path Finder

Hi @ADRIANODL ,

The refresh_token doesn't gets saved in conf file because you may have missed this permission in Salesforce Connected App. Adding this in Salesforce would have the refresh_token in response and thus it will get saved in conf file and thus resolve this error in the end.

Reference Screenshot:-
alt text

ehenriksen_splu
Splunk Employee
Splunk Employee

Taking a look at the set-up for the Salesforce app, you'll need to outline that token in splunk_ta_salesforce_account.conf. In the conf file, you'll need to create a new stanza for the account name and add the token there. See example:

[account_name] // The account name you create in this add-on
endpoint = // URL of the Salesforce endpoint
auth_type = basic
username = // The Salesforce username you want to use
password = // The password of the Salesforce username
token = // (Optional) The security token is needed if your Splunk instance is

Please reference https://docs.splunk.com/Documentation/AddOns/released/Salesforce/Setupv2#Set_up_basic_authentication... for where to input your refresh_token.

If you are looking for your refresh token in salesforce, I'd recommend starting here: https://help.salesforce.com/articleView?id=remoteaccess_oauth_refresh_token_flow.htm&type=5. I'm admittedly less familiar with salesforce oauth, but it appears other users were able to recover the refresh token with a few queries to auth. (see responses to this post: https://developer.salesforce.com/forums/?id=906F0000000AgInIAK)

0 Karma

ADRIANODL
Explorer

Thanks for your response @ehenriksen, however we're using Splunk Cloud. I'm not able to edit config files myself.
Does that mean I have to raise a ticket with the splunk support team? Or is there any other way to get this done?

Cheers,

Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...