Salesforce AsyncApexJob only ingests once

arist0telis
I feel like this is a known issue & I feel like it's been around for a while, reaching out to see if anyone has worked around this. I found one single post related to this where the only suggestion was to change how frequently Splunk reads in data, but tbh not much of an option here because Splunk is already known to peg out DBCPU time in my org.

Short version of it is I'm having trouble with Splunk only ingesting a job from the AsyncApexJob object in my Salesforce org once, even though that job will get updated repeatedly as it goes through statuses of Queued, Running, Completed, etc. It's not every job that does this, but it's frequent enough that I can't build an accurate alert off it.

There's a release note for add-on 4.2.2 that says this is a known issue: https://docs.splunk.com/Documentation/AddOns/released/Salesforce/Releasenotes#Known_issues. However, I'm on 4.0.3 of the Salesforce add-on and my Splunk Enterprise is 7.3.3.

Has anyone else noticed this, worked around it without changing the frequency Splunk hits the org, is it to be fixed in a future update, etc.?
