All Apps and Add-ons

Splunk add-on for Salesforce - oAuth


Hi folks,

I just set up an oAuth authentication for the integration between Splunk and our SF instance. Everything seems normal, but events are not being received, and when I check Splunk internal errors, I get the following message:

Salesforce refresh_token is not
configured for account "xyz". Add-on
is going to exit.

Does anybody know where I can config such refresh_token? The UI does not show anything like that.


0 Karma

Path Finder


The refresh_token doesn't gets saved in conf file because you may have missed this permission in Salesforce Connected App. Adding this in Salesforce would have the refresh_token in response and thus it will get saved in conf file and thus resolve this error in the end.

Reference Screenshot:-
alt text

Splunk Employee
Splunk Employee

Taking a look at the set-up for the Salesforce app, you'll need to outline that token in splunk_ta_salesforce_account.conf. In the conf file, you'll need to create a new stanza for the account name and add the token there. See example:

[account_name] // The account name you create in this add-on
endpoint = // URL of the Salesforce endpoint
auth_type = basic
username = // The Salesforce username you want to use
password = // The password of the Salesforce username
token = // (Optional) The security token is needed if your Splunk instance is

Please reference for where to input your refresh_token.

If you are looking for your refresh token in salesforce, I'd recommend starting here: I'm admittedly less familiar with salesforce oauth, but it appears other users were able to recover the refresh token with a few queries to auth. (see responses to this post:

0 Karma


Thanks for your response @ehenriksen, however we're using Splunk Cloud. I'm not able to edit config files myself.
Does that mean I have to raise a ticket with the splunk support team? Or is there any other way to get this done?


Get Updates on the Splunk Community!

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

We’re excited to announce a new Splunk certification exam being released at .conf23! If you’re going to Las ...

Starting With Observability: OpenTelemetry Best Practices

Tech Talk Starting With Observability: OpenTelemetry Best Practices Tuesday, October 17, 2023   |  11AM PST / ...

Streamline Data Ingestion With Deployment Server Essentials

REGISTER NOW! Every day the list of sources Admins are responsible for gets bigger and bigger, often making ...